help with Win 10 laptop slowing to snails pace,etc

D

Delusion

Member
Joined
Nov 3, 2022
Posts
20
SPECCY SNAPSHOT: http://speccy.piriform.com/results/7aft7nhqGwPn7bJIlL7c1Fj

  • A brief description of your problem
=Newly acquired OLDER laptop. Had to fully update the Bios from original to current. Did these updates one at a time, CORRECTLY.
=Updated drivers fully at Mfgr website (Dell)
=System runs very slow. High CPU, High Disk, and High Mem usage almost all the time, even when pretty much idle. System and SvcHost:SysMain, as well as MS Edge and Antimalware using most of disk.
=I had to uninstall my Bitdefender pkg because of course, its a disk and mem hog. Went back to just windows defender, but have MWBytes free installed at the moment so i could run that scan which finds nothing.
=sfc finds no problems. have not run DISM due to slowness

=ran Sysnative app and it took forever. After checking documents folder, I did find the logs and output, but no self-generated zip (will be included in this post)
  • System Manufacturer? DELL Inspiron 15-3567
  • Laptop or Desktop? LAPTOP
  • OS ? (Windows 10 x64 bit
  • What was original installed OS on system?, NOT SURE - THINK I saw that it was 8.1 upgraded to 10 (by OEM)
  • Age of system? (hardware) 2017
  • Age of OS installation? 01/24/2023 i reinstalled)
  • Have you re-installed the OS? yes
  • CPU Intel Core i3 7100U
  • RAM (brand, EXACT model, what slots are you using?)


  • Number Of SPD Modules 2
    Slot #1
    Type Unknown
    Size 4096 MBytes
    Manufacturer Hyundai Electronics
    Max Bandwidth DDR4-2400 (1200 MHz)
    Part Number HMA851S6AFR6N-UH
    Serial Number 673813524
    Week/year 46 / 16
  • Slot #2
    Type Unknown
    Size 2048 MBytes
    Manufacturer Micron Technology
    Max Bandwidth DDR4-2400 (1200 MHz)
    Part Number 4ATF25664HZ-2G3B1
    Serial Number 357569794
    Week/year 02 / 17

  • Video Card Intel HD Graphics 620

  • Is driver verifier enabled or disabled? ?? I'm not sure ?? I have the option to run the command on my Start Menu???

  • What security software are you using? (Firewall, antivirus, antimalware, antispyware, and so forth) I use the standard Windows Defender and Windows Firewall, but currently have Malwarebytes in place. Also noting that Speccy shows Spyboy - Serch & Destroy as installed but disabled, but that was uninstalled a long while back.

  • Are you using proxy, vpn, ipfilters or similar software? NONE
  • Are you using Disk Image tools? (like daemon tools, alcohol 52% or 120%, virtual CloneDrive, roxio software) NONE
  • Are you currently under/overclocking? Are there overclocking software installed on your system? Not to my knowledge.
 

Attachments

Is the system BSODing or crashing? It would seem not and it's just running slow? In that case you'd be better off posting this in the Windows 10 forum. This forum is for BSODs and crashes.
 
  • In the command prompt (admin), type (copy/paste): cleanmgr /sageset:1
    A cleanmgr window will be presented, in which you can choose the items to be deleted. I'd select them all...
    To start the cleanup, you need to launch this other command: cleanmgr /sagerun:1
    And the cleanup will start: wait until it finishes.
  • In the command prompt (admin), type (copy/paste): Dism /Online /Cleanup-Image /CheckHealth
    If the result is No component store corruption detected, then launch this other command: dism /online /cleanup-image /startcomponentcleanup /resetbase
  • Download and install iobit driver booster free.
    Open it, click tools, click Clean invalid device data, scan, clean, close.
    Use only this function of it.
  • In the command prompt (admin), type (copy/paste): chkdsk c: /scan /perf
    Wait until it finishes.
    If Windows has scanned the file system and found no problems, post the result:
    Read More:
    Otherwise, post everything.
 
Last edited:
While I DO appreciate your attention to this post that has been transferred, I did reach out elsewhere after the response from ubuya regarding the machine not BSODing or crashing...

Sysnative was very helpful to me with a previous device and I'm grateful..

I just wanted to make the statement here about posting elsewhere...... If that is not successful I will return here later.

Thanks!
 
C:\Windows\system32>cleanmgr /sageset:1

C:\Windows\system32>cleanmgr /sageset:1

C:\Windows\system32>cleanmgr /sagerun:1

C:\Windows\system32>cleanmgr /sagerun:1

C:\Windows\system32>Dism /Online /Cleanup-Image /CheckHealth

Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19045.2965

No component store corruption detected.
The operation completed successfully.

C:\Windows\system32>dism /online /cleanup-image /startcomponentcleanup /resetbase

Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19045.2965

[===== 10.0% ]
[==========================100.0%==========================]
The operation completed successfully.

C:\Windows\system32>chkdsk c: /scan /perf
The type of the file system is NTFS.

Stage 1: Examining basic file system structure ...
644608 file records processed.
File verification completed.
Phase duration (File record verification): 12.76 minutes.
10545 large file records processed.
Phase duration (Orphan file record recovery): 0.00 milliseconds.
0 bad file records processed.
Phase duration (Bad file record checking): 2.64 milliseconds.

Stage 2: Examining file name linkage ...
8889 reparse records processed.
858156 index entries processed.
Index verification completed.
Phase duration (Index verification): 1.27 minutes.
0 unindexed files scanned.
Phase duration (Orphan reconnection): 2.66 seconds.
0 unindexed files recovered to lost and found.
Phase duration (Orphan recovery to lost and found): 16.61 milliseconds.
8889 reparse records processed.
Phase duration (Reparse point and Object ID verification): 56.68 milliseconds.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Phase duration (Security descriptor verification): 130.42 milliseconds.
106775 data files processed.
Phase duration (Data attribute verification): 1.70 milliseconds.
CHKDSK is verifying Usn Journal...
xilolee said:
  • In the command prompt (admin), type (copy/paste): cleanmgr /sageset:1
    A cleanmgr window will be presented, in which you can choose the items to be deleted. I'd select them all...
    To start the cleanup, you need to launch this other command: cleanmgr /sagerun:1
    And the cleanup will start: wait until it finishes.
  • In the command prompt (admin), type (copy/paste): Dism /Online /Cleanup-Image /CheckHealth
    If the result is No component store corruption detected, then launch this other command: dism /online /cleanup-image /startcomponentcleanup /resetbase
  • Download and install iobit driver booster free.
    Open it, click tools, click Clean invalid device data, scan, clean, close.
    Use only this function of it.
  • In the command prompt (admin), type (copy/paste): chkdsk c: /scan /perf
    Wait until it finishes.
    If Windows has scanned the file system and found no problems, post the result:
    Read More:
    Otherwise, post everything.
Click to expand...

37803152 USN bytes processed.
Usn Journal verification completed.
Phase duration (USN journal verification): 541.02 millise
Windows has scanned the file system and found no problems.
No further action is required.

974975999 KB total disk space.
514379912 KB in 271397 files.
204184 KB in 106776 indexes.
0 KB in bad sectors.
788539 KB in use by the system.
65536 KB occupied by the log file.
459603364 KB available on disk.

Life happens. I had to deal with some of it. Still going through a lot of it.

Went to BC, which is my home, but instead of my regular, who knows me and can be quick
a student jumped in and grabbed my post --- i didn't have time for an 8 hour hard drive scan at that
time and then I had to work on saving some properties from foreclosure on my father's Estate. .

life happens. I hate it. True Story.
but
I'm back.

computer does not blue screen. but it truly seems like a extra-terrestrial at times with EITHER high CPU & HIGH disk
OR high Mem. Top 3 players? #1 Microsoft Edge, #2 System, and #3 SysMain

I run FARBAR Once in awhile just to see if I see anything weird.

and a lot of my tools seem to see Spybot, which hasn't been used in MONTHS... it was uninstalled and i can't find it anywhere,
I had BitDefender on my Lenovo till i fried the power supply, but this computer herre? .....dont have the patience for BD cuz it is a
Memory HOG, however, many of mty tools seem to see bits of BD still installed, and also..... seem to see Proxy items here and there that
i havent spotted yet..
 
I run FARBAR Once in awhile just to see if I see anything weird.
Click to expand...

I think it would be useful if you posted the 2 logs created by FRST tool.
 
Reinstall BD & Spybot. Download Revo Uninstaller (Free) and completely uninstall both. If no good, run a memory test of your Ram, both slots. If OK they still might not be colpletely compatible with each other. I don't like to mix brands.
 
Corday said:
Reinstall BD & Spybot. Download Revo Uninstaller (Free) and completely uninstall both. If no good, run a memory test of your Ram, both slots. If OK they still might not be colpletely compatible with each other. I don't like to mix brands.
Click to expand...
DR M said:
I think it would be useful if you posted the 2 logs created by FRST tool.
Click to expand...
Thank you. I will post those logs now, but be aware that at the same time, I am downloading both BitDefender and Spybot Search & Destroy. I will run each of them (one at a time), and uninstall after reviewing the results later

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023
Ran by nc2un (administrator) on BLU-SKYZ (Dell Inc. Inspiron 15-3567) (10-06-2023 16:37:42)
Running from C:\Users\nc2un\Desktop\FRST64.exe
Loaded Profiles: nc2un
Platform: Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_b117548b2e075ba1\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Print\Monitors\HP 5912 Status Monitor: hpinksts5912LM.dll (No File)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\Windows\system32\HPDiscoPM7112.dll [763040 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-05] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {090EBEC6-1D22-4068-A251-27C59E020553} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D2B0645-FCE9-4F93-805A-9751CCD05CFB} - System32\Tasks\DelayedItemsByChemtableSoftware\Spy Protector => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
Task: {26ECDF3E-36A5-4025-AF9C-6C5F6AA920DC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {38B53D42-138D-4DA6-A032-FE2432A64DE0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3EF7D194-B519-4CC6-99E2-28F6F49BB7DE} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.4.0\AutoUpdate.exe [2516968 2023-05-08] (IObit CO., LTD -> IObit)
Task: {42FA2E82-F92F-4BDC-A52A-6720F5F64585} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {449993A9-17B5-4A72-9F32-BAC20432724E} - System32\Tasks\GoogleUpdateTaskMachineUA{FFC92DDF-B563-4FFC-AAB6-D94CCB6EEADD} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-05-26] (Google LLC -> Google LLC)
Task: {5BB03B07-45BA-4A42-B185-CE297786DA6C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DE17E1B-1086-426C-91EA-A4B03EA3B9E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6CE5DBFC-480C-4FB1-96D2-4BA8AF5BEF33} - System32\Tasks\Patch My PC => C:\Users\nc2un\Downloads\PatchMyPC.exe [2596376 2023-06-08] (Patch My PC, LLC -> Patch My PC, LLC)
Task: {7254C5B5-9B6B-4DEB-8649-40B863A37B47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {72D92EB0-27C0-45E6-BA0F-9014271C0E5B} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {83E696D6-8B4D-4190-A9C1-8ACB6F287AD6} - System32\Tasks\DelayedItemsByChemtableSoftware\IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" -> "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
Task: {95D09EED-1F5F-41F1-9EDA-3297A3A36837} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\10.4.0\Scheduler.exe [159208 2023-05-08] (IObit CO., LTD -> IObit)
Task: {A542FBFE-1318-4127-91FB-A0CB6BC91BCE} - System32\Tasks\GoogleUpdateTaskMachineCore{FD396B14-A751-47AF-92A9-184571D51F20} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-05-26] (Google LLC -> Google LLC)
Task: {AE4E977C-4A57-43A3-9320-50DDA00D153A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B28A162C-4BC6-4660-8354-DE01F3ED4848} - System32\Tasks\DelayedItemsByChemtableSoftware\SecurityHealth => C:\Windows\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {C5B0C8AC-8013-4E8E-9A56-73148840FEAE} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-2792867324-3544351356-3005626667-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1870.16.215.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2157304 2023-06-02] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {FF907022-35EA-4197-8A84-994FE977BA17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 216.167.161.35 216.167.161.36
Tcpip\..\Interfaces\{8fa5c09c-6499-47e9-ac82-1a13d14702d2}: [DhcpNameServer] 216.167.161.35 216.167.161.36

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-10]
Edge Notifications: Default -> hxxps://www.paramountplus.com
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (LastPass: Free Password Manager) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2023-06-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-05-26]
Edge Extension: (DuckDuckGo) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2023-06-08]
Edge Extension: (Turn Off the Lights) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fmamkbgpnienhphflfdamlhnljffjdgm [2023-02-08]
Edge Extension: (Edge relevant text changes) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-27]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-06-09]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-02-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-02-15] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default [2023-05-30]
CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2023-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-20]
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-26]
CHR Extension: (No Name) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlmflgnnmmojlnbmaokpfcjdkhkjbnok [2023-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-05-26]
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-30]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe [414728 2017-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749376 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Browser; %SystemRoot%\System32\browser.dll [X]
S3 Intel(R) Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe" [X]
S2 Intel(R) TPM Provisioning Service; "C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [280064 2023-01-24] (Microsoft Corporation) [File not signed]
S3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 HWiNFO_174; no ImagePath
R3 MpKsld6b8cce3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4F615C58-E518-45E0-BC7B-454E7FC095B2}\MpKslDrv.sys [213288 2023-06-10] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49616 2023-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498984 2023-05-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-10 16:37 - 2023-06-10 16:39 - 000016962 _____ C:\Users\nc2un\Desktop\FRST.txt
2023-06-10 16:30 - 2023-06-10 16:31 - 000000000 ____D C:\Program Files (x86)\Qualcomm Wireless
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Windows\system32\nn-NO
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Windows\Options
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Program Files (x86)\Cisco
2023-06-10 16:30 - 2018-05-27 21:43 - 004322672 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athw10x.sys
2023-06-10 16:30 - 2018-05-27 21:43 - 004322672 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw10x.sys
2023-06-10 16:30 - 2014-05-13 21:07 - 000060416 ____N (Atheros) C:\Windows\system32\athihvui.dll
2023-06-10 16:30 - 2014-05-13 21:06 - 000440320 ____N (Atheros) C:\Windows\system32\athihvs.dll
2023-06-10 16:28 - 2023-06-10 16:28 - 099715840 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Dell-Wireless-1707-Qualcomm-9565-WiFi-and-Bluetooth_G66T8_WIN_10.0.3.458_A13_01.EXE
2023-06-10 03:03 - 2023-06-10 03:03 - 000087284 _____ C:\Users\nc2un\Documents\6.10.23 home and open found this.txt
2023-06-10 02:59 - 2023-06-10 02:59 - 000003180 _____ C:\Windows\system32\Tasks\Driver Booster Scheduler
2023-06-10 02:59 - 2023-06-10 02:59 - 000003166 _____ C:\Windows\system32\Tasks\Driver Booster Update
2023-06-10 02:59 - 2023-06-10 02:59 - 000000000 ____D C:\Users\nc2un\AppData\LocalLow\IObit
2023-06-10 02:59 - 2023-06-10 02:59 - 000000000 ____D C:\ProgramData\ProductData
2023-06-10 02:58 - 2023-06-10 02:59 - 000002370 _____ C:\Users\Public\Desktop\Driver Booster 10.lnk
2023-06-10 02:58 - 2023-06-10 02:59 - 000000000 ____D C:\ProgramData\IObit
2023-06-10 02:58 - 2023-06-10 02:58 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\IObit
2023-06-10 02:58 - 2023-06-10 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 10
2023-06-10 02:58 - 2023-06-10 02:58 - 000000000 ____D C:\Program Files (x86)\IObit
2023-06-09 22:34 - 2023-06-09 22:39 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2023-06-09 22:34 - 2023-06-09 22:34 - 000001836 _____ C:\Users\nc2un\Desktop\CrystalDiskInfo.lnk
2023-06-09 22:34 - 2023-06-09 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-06-09 22:33 - 2023-06-09 22:34 - 005725496 _____ (Crystal Dew World ) C:\Users\nc2un\Downloads\CrystalDiskInfo9_0_1a.exe
2023-06-09 19:59 - 2023-06-09 19:59 - 002383360 _____ (Farbar) C:\Users\nc2un\Desktop\FRST64.exe
2023-06-08 17:16 - 2023-06-09 13:27 - 000000000 ____D C:\Users\nc2un\Documents\RANDALL STUFF
2023-06-08 16:23 - 2023-06-08 16:23 - 000487423 _____ C:\Users\nc2un\Documents\RKW ID RENEWAL.pdf
2023-06-08 06:41 - 2023-06-08 06:42 - 349210518 _____ C:\Users\nc2un\Documents\regbkup.reg
2023-06-08 06:11 - 2023-06-08 06:11 - 000000610 _____ C:\Users\nc2un\Desktop\Patch My PC Updater.lnk
2023-06-08 04:49 - 2023-06-08 04:49 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2023-06-08 04:44 - 2023-06-08 04:45 - 002596376 _____ (Patch My PC, LLC) C:\Users\nc2un\Downloads\PatchMyPC.exe
2023-06-07 17:17 - 2023-06-07 17:17 - 000004012 _____ C:\Users\nc2un\Documents\TotalAV transcript.txt
2023-06-06 04:54 - 2023-06-06 04:54 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-06-06 00:01 - 2023-06-06 00:01 - 000003768 _____ C:\Windows\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2023-06-06 00:01 - 2023-06-06 00:01 - 000002242 _____ C:\Users\nc2un\Desktop\Tweaking.com - Windows Repair.lnk
2023-06-05 23:57 - 2023-06-05 23:58 - 058118520 _____ (Tweaking.com) C:\Users\nc2un\Downloads\tweaking.com_windows_repair_aio_setup.exe
2023-06-05 22:40 - 2023-06-05 22:40 - 000000059 _____ C:\Users\nc2un\Desktop\Home - LexisNexis Digital Library.url
2023-06-05 22:09 - 2023-06-05 22:09 - 000602816 _____ C:\Users\nc2un\Documents\Daily Planner, Time Tracker-1657028606351 (1).pdf
2023-06-05 22:08 - 2023-06-05 22:08 - 000949235 _____ C:\Users\nc2un\Documents\office planner (3).pdf
2023-06-05 22:06 - 2023-06-05 22:07 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2023-06-05 22:06 - 2023-06-05 22:06 - 000000000 ____D C:\Windows\system32\ihvmanager
2023-06-05 21:48 - 2023-06-05 21:48 - 000736096 _____ (Dell Inc.) C:\Users\nc2un\Downloads\SupportAssistLauncher (1).exe
2023-06-05 21:21 - 2023-06-05 21:21 - 000000000 ____D C:\Users\nc2un\Desktop\AFIC DOCS
2023-05-31 16:53 - 2023-05-31 16:53 - 000000000 ____D C:\Windows\system32\Intel
2023-05-31 16:47 - 2023-05-31 16:48 - 009089784 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Dell-Update-Application_HKMCJ_WIN_1.9.60.0_A00.EXE
2023-05-31 16:47 - 2023-05-31 16:47 - 009113712 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Dell-Update-Application_31YHC_WIN_1.9.20.0_A00.EXE
2023-05-31 16:43 - 2023-05-31 16:43 - 008474768 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Dell-Update-Application_JV20K_WIN_1.9.40.0_A00.EXE
2023-05-31 15:58 - 2023-05-31 15:58 - 004137326 _____ C:\Users\nc2un\Downloads\CDW DISC STMT 12.18.21.pdf
2023-05-30 21:20 - 2023-05-31 15:52 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Excel
2023-05-29 20:38 - 2023-05-29 20:39 - 000976959 _____ C:\Users\nc2un\Documents\05.18.23 STMT 1638.pdf
2023-05-29 20:37 - 2023-05-29 20:38 - 000977605 _____ C:\Users\nc2un\Documents\04.18.23 STMT 1638.pdf
2023-05-29 17:45 - 2023-05-29 17:45 - 000000000 ____D C:\Users\nc2un\AppData\Local\ToastNotificationManagerCompat
2023-05-29 17:42 - 2023-05-29 17:42 - 002971376 _____ (OneLaunch ) C:\Users\nc2un\Downloads\OneLaunch - Fun Games_4v5at.exe
2023-05-26 18:17 - 2023-05-26 18:17 - 000000258 __RSH C:\ProgramData\ntuser.pol
2023-05-26 17:52 - 2023-05-26 17:52 - 000002440 _____ C:\Users\nc2un\Desktop\Denise - Chrome.lnk
2023-05-26 17:47 - 2023-06-05 21:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-05-26 17:47 - 2023-06-05 21:35 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-05-26 17:44 - 2023-05-26 17:44 - 001369128 _____ (Google LLC) C:\Users\nc2un\Downloads\ChromeSetup.exe
2023-05-25 22:34 - 2023-05-25 22:34 - 000000161 _____ C:\Users\nc2un\Desktop\AESMService- Platform Services initialization failed due to DAL error - Microsoft Community.url
2023-05-25 22:33 - 2023-05-25 22:33 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2023-05-19 22:57 - 2023-05-19 22:57 - 000000000 ____D C:\EADesktopDev
2023-05-19 11:58 - 2023-05-19 11:58 - 000000000 ____D C:\Users\nc2un\AppData\Local\EALaunchHelper
2023-05-19 11:43 - 2023-05-19 11:43 - 006247912 _____ C:\Users\nc2un\Downloads\avg_secure_browser_setup.exe
2023-05-18 18:51 - 2023-05-18 18:51 - 000000000 ____D C:\Users\nc2un\Documents\Electronic Arts
2023-05-18 18:51 - 2023-05-18 18:51 - 000000000 ____D C:\ProgramData\Origin
2023-05-18 18:50 - 2023-05-18 18:50 - 000001379 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2023-05-18 18:50 - 2023-05-18 18:50 - 000000000 ____D C:\ProgramData\Electronic Arts
2023-05-18 18:49 - 2023-05-18 18:49 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2023-05-18 18:49 - 2023-05-18 17:23 - 000447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2023-05-18 17:15 - 2023-05-18 17:15 - 000000000 ____D C:\Users\nc2un\AppData\Local\cache
2023-05-18 17:14 - 2023-05-18 17:20 - 000000000 ____D C:\Users\nc2un\AppData\Local\Origin
2023-05-18 17:13 - 2023-06-08 05:04 - 000000000 ____D C:\Program Files\Electronic Arts
2023-05-18 17:13 - 2023-05-18 17:22 - 000000000 ____D C:\Program Files\EA Games
2023-05-18 17:01 - 2023-05-18 17:06 - 002485040 _____ (Electronic Arts) C:\Users\nc2un\Downloads\EAappInstaller.exe
2023-05-17 16:14 - 2023-05-17 16:15 - 004661991 _____ C:\Users\nc2un\Documents\n 11th ins.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-10 16:38 - 2023-04-07 02:05 - 000000000 ____D C:\FRST
2023-06-10 16:36 - 2023-04-10 02:09 - 000000000 ____D C:\Users\nc2un\Desktop\FRST-OlderVersion
2023-06-10 16:30 - 2023-02-08 16:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-06-10 16:30 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2023-06-10 16:12 - 2023-01-24 13:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-06-10 15:55 - 2023-01-26 07:21 - 000000000 ____D C:\Users\nc2un\AppData\Local\CrashDumps
2023-06-10 15:30 - 2023-01-24 05:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-06-10 11:57 - 2023-01-24 05:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-10 11:57 - 2023-01-24 05:46 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-09 10:48 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-09 10:48 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2023-06-08 10:28 - 2023-02-12 20:17 - 000000000 ____D C:\Users\nc2un\Documents\Administration of Estate Notes
2023-06-08 06:52 - 2023-01-24 03:57 - 000797554 _____ C:\Windows\system32\PerfStringBackup.INI
2023-06-08 06:48 - 2023-01-24 05:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-06-08 06:48 - 2023-01-24 04:09 - 000000000 ____D C:\Intel
2023-06-08 06:48 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState
2023-06-08 06:48 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-08 06:47 - 2023-01-30 05:56 - 000001162 _____ C:\Windows\system32\config\VSMIDK
2023-06-08 06:47 - 2023-01-24 05:44 - 000008192 ___SH C:\DumpStack.log.tmp
2023-06-08 06:47 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-06-08 06:21 - 2023-01-26 08:07 - 000003554 _____ C:\Windows\system32\Tasks\Patch My PC
2023-06-08 06:11 - 2023-01-26 07:17 - 000000000 ____D C:\PatchMyPCUpdates
2023-06-08 06:10 - 2023-01-24 04:05 - 000000000 ____D C:\Users\nc2un\AppData\Local\Packages
2023-06-08 05:04 - 2023-02-07 17:59 - 000000000 ____D C:\ProgramData\Package Cache
2023-06-08 04:56 - 2023-01-27 01:24 - 000000000 ____D C:\Users\nc2un\AppData\Local\ElevatedDiagnostics
2023-06-08 04:53 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files\Dell
2023-06-08 04:49 - 2023-01-26 07:25 - 000000000 ____D C:\Users\nc2un\Desktop\PortableApps
2023-06-08 04:49 - 2023-01-26 07:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2023-06-08 04:49 - 2023-01-26 07:18 - 000000000 ____D C:\Program Files\HWiNFO64
2023-06-08 04:49 - 2023-01-24 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2023-06-07 23:53 - 2023-01-24 04:09 - 000000000 ____D C:\Users\nc2un\AppData\Local\D3DSCache
2023-06-06 09:30 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files (x86)\Dell
2023-06-06 09:30 - 2023-02-08 15:10 - 000000000 ____D C:\ProgramData\Dell
2023-06-06 05:27 - 2023-04-09 15:32 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2023-06-06 05:12 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-06-06 05:12 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-06-06 04:28 - 2023-02-01 22:03 - 000797554 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2023-06-06 02:11 - 2022-09-07 22:13 - 000000000 ____D C:\Windows\SystemTemp
2023-06-06 01:03 - 2023-01-24 04:02 - 000000000 ____D C:\Users\nc2un
2023-06-06 00:01 - 2023-01-26 07:24 - 000763225 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2023-06-05 22:03 - 2023-02-08 16:01 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2023-06-05 22:01 - 2023-02-08 16:01 - 000000000 ____D C:\Program Files (x86)\Intel
2023-06-05 22:01 - 2023-02-08 16:00 - 000000000 ____D C:\Program Files\Intel
2023-06-05 22:01 - 2023-01-24 04:09 - 000000000 ____D C:\ProgramData\Intel
2023-06-05 21:49 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files\dotnet
2023-06-02 12:41 - 2023-01-26 06:37 - 000000000 ____D C:\Users\nc2un\Documents\Christy
2023-05-31 20:42 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2023-05-31 20:20 - 2023-05-01 01:55 - 000000169 _____ C:\Users\nc2un\Documents\DISM and sfc commands.txt
2023-05-31 17:05 - 2023-01-24 05:44 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-05-31 16:00 - 2023-02-14 19:25 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-05-31 15:48 - 2023-03-02 04:25 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Word
2023-05-30 23:24 - 2023-01-24 04:02 - 000000000 ___SD C:\Users\nc2un\AppData\Roaming\Microsoft\Credentials
2023-05-30 11:04 - 2023-01-24 04:02 - 000000000 ___SD C:\Users\nc2un\AppData\Roaming\Microsoft\Protect
2023-05-28 01:47 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-05-26 17:46 - 2023-04-20 16:50 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{FFC92DDF-B563-4FFC-AAB6-D94CCB6EEADD}
2023-05-26 17:46 - 2023-04-20 16:50 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{FD396B14-A751-47AF-92A9-184571D51F20}
2023-05-26 11:13 - 2023-01-24 13:48 - 000000000 ____D C:\ProgramData\SecTaskMan
2023-05-18 18:47 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-05-17 18:35 - 2023-01-24 04:11 - 000000000 ____D C:\Users\nc2un\AppData\Local\PlaceholderTileLogoFolder
2023-05-17 18:35 - 2023-01-24 04:05 - 000000000 ____D C:\ProgramData\Packages
2023-05-14 05:55 - 2023-02-15 17:05 - 000000000 ____D C:\Program Files\Microsoft Office
2023-05-13 20:51 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF
2023-05-11 19:00 - 2023-01-24 05:45 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-05-11 19:00 - 2023-01-24 05:45 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2023-03-30 21:54 - 2023-03-30 21:54 - 001908488 _____ (O&O Software GmbH) C:\Program Files\O&&O ShutUp10 1.9.1435_Portable.exe
2023-01-30 02:24 - 2023-01-30 02:24 - 000000017 _____ () C:\Users\nc2un\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



..
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
Ran by nc2un (10-06-2023 16:44:45)
Running from C:\Users\nc2un\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) (2023-01-24 08:52:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2792867324-3544351356-3005626667-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2792867324-3544351356-3005626667-503 - Limited - Disabled)
Guest (S-1-5-21-2792867324-3544351356-3005626667-501 - Limited - Disabled)
nc2un (S-1-5-21-2792867324-3544351356-3005626667-1001 - Administrator - Enabled) => C:\Users\nc2un
WDAGUtilityAccount (S-1-5-21-2792867324-3544351356-3005626667-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Belarc Advisor 12.0 (HKLM-x32\...\Belarc Advisor) (Version: 12.0.0.0 - Belarc, Inc.)
CrystalDiskInfo 9.0.1a (HKLM\...\CrystalDiskInfo_is1) (Version: 9.0.1a - Crystal Dew World)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.4.0 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.110 - Google LLC)
HWiNFO64 Version 7.46 (HKLM\...\HWiNFO64_is1) (Version: 7.46 - Martin Malik, REALiX s.r.o.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.4.1011 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{CF7581D3-D03E-4229-85AA-90BB0ED637F8}) (Version: 16.8.4.1011 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16327.20248 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.37 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20248 - Microsoft Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
The Simsâ„¢ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.97.62.1020 - Electronic Arts Inc.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.2183 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)

Packages:
=========
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt [2023-06-06] (INTEL CORP) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1870.16.215.0_x64__8xx8rvfyw5nnt [2023-06-06] (Meta) [Startup Task]
Microsoft 365 -> C:\Program Files\WindowsApps\www.office.com-6A424043_1.0.0.0_neutral__hhrgrbe39qw14 [2023-06-06] (www.office.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14002.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [Startup Task]
Paramount+ -> C:\Program Files\WindowsApps\2BDFC20A.CBS_1.0.1.0_neutral__bd059sf7kn2rm [2023-06-06] (CBS Interactive Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-01-26] (Microsoft Corporation)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.137.0_x64__pwbj9vvecjh7j [2023-06-07] (Amazon Development Centre (London) Ltd)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.578.564.0_x86__55nm5eh3cm0pr [2023-06-06] (ROBLOX Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Studios) [MS Ad]
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.16.165.0_x64__43tkc6nmykmb6 [2023-06-06] (Ookla)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{0B95C17C-F335-4C86-863C-230AAF983F0F}\localserver32 -> C:\Windows\System32\RunDll32.exe "C:\Program Files\Registry Life\Notifications.dll",Activate -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{5b54b760-8dd0-a58f-c64a-28b87f30392f}\localserver32 -> "C:\Users\nc2un\AppData\Local\OneLaunch\5.16.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{D5C4136A-93E5-4678-A6F8-0B2D9BB10999}\localserver32 -> C:\Windows\System32\RunDll32.exe "C:\Program Files\Reg Organizer\Notifications.dll",Activate -ToastActivated => No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2023-05-18] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2023-05-18] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\nc2un\OneDrive\Desktop\Microsoft 365.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ocdlmjhbenodhlknglojajgokahchlkk --app-url=hxxps://www.office.com/?from=Homescreen --app-launch-source=4
ShortcutWithArgument: C:\Users\nc2un\Desktop\Denise - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\nc2un\Desktop\Paramount+.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pokmkoiooknndbddmgmaolnlgelpkhep --app-url=hxxps://www.paramountplus.com/ --app-launch-source=4
ShortcutWithArgument: C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pokmkoiooknndbddmgmaolnlgelpkhep\Paramount+.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pokmkoiooknndbddmgmaolnlgelpkhep --app-url=hxxps://www.paramountplus.com/ --app-launch-source=4

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\nc2un\Documents\SysnativeBSODCollectionApp.exe:MBAM.Zone.Identifier [168]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2022-11-10] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2023-06-06 04:51 - 2023-06-06 04:51 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 216.167.161.35 - 216.167.161.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "CL-26-67A84368-A1DC-4EB6-A515-F7734C88D99B"
HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\StartupApproved\Run: => "BingWallpaperApp"
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1340DFBB-11FE-44A2-B741-93A7A17CA15A}] => (Allow) LPort=5357
FirewallRules: [{B6953DBF-4D83-4E87-8C17-BE75E8BE9CE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BEEDFD90-F582-47D3-B4C8-F4C9A1670086}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{3F37C0CE-66F8-4E89-84C3-AA56E6351ABB}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{99790570-E7AB-4693-BDF1-EE2EBD9C2E4A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{020B3694-A562-4F11-BB1F-997216AD36D5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{BAFA9E1E-D1E8-4D75-9A9E-70F3BFEAE8F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{544FBAE7-7445-4909-96BD-94815613CFDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A7CF758-52E8-48F4-9BF6-831FA138124B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{14B5F3EB-1044-4BAC-9932-0E9BF2CE1767}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/10/2023 03:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Setup.exe_Intel® Rapid Storage Technology, version: 16.8.0.5, time stamp: 0x60c8e632
Faulting module name: Setup.exe, version: 16.8.0.5, time stamp: 0x60c8e632
Exception code: 0xc0000005
Fault offset: 0x000bd2cf
Faulting process id: 0x2124
Faulting application start time: 0x01d99bddd00bbc7c
Faulting application path: C:\Program Files (x86)\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe
Faulting module path: C:\Program Files (x86)\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe
Report Id: 381f8808-6f23-499c-93cd-9822cb594012
Faulting package full name:
Faulting package-relative application ID:

Error: (06/08/2023 05:04:11 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 05:03:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 04:53:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 04:52:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 04:48:55 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 04:48:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 04:47:04 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet


System errors:
=============
Error: (06/10/2023 04:30:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "2A0F9924E503" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (06/10/2023 04:30:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "2A0F9924E503" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (06/10/2023 04:30:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "1A0F9924E503" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (06/10/2023 04:30:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "1A0F9924E503" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (06/10/2023 04:30:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "D80F9924E503" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (06/10/2023 04:30:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "D80F9924E503" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (06/10/2023 04:30:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/10/2023 04:30:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.


Windows Defender:
================
Date: 2023-06-09 22:39:53
Description:
Controlled Folder Access blocked C:\Program Files\CrystalDiskInfo\DiskInfo64.exe from making changes to memory.
Detection time: 2023-06-10T03:39:53.061Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\CrystalDiskInfo\DiskInfo64.exe
Security intelligence Version: 1.391.986.0
Engine Version: 1.1.23050.3
Product Version: 4.18.23050.3

Date: 2023-06-09 17:16:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-08 17:32:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-07 18:10:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-07 17:56:48
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-06-06 02:19:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.592.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2023-06-06 02:08:07
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2023-05-23 16:14:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1993.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2023-05-23 16:14:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1993.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2023-05-23 16:14:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1993.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2023-06-10 15:30:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 2.20.0 07/12/2022
Motherboard: Dell Inc. 0K99NX
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 78%
Total physical RAM: 5975.4 MB
Available physical RAM: 1276.13 MB
Total Virtual: 10759.3 MB
Available Virtual: 3259.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.81 GB) (Free:439.53 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{1539c7d6-be3d-4de4-afc8-d70ebe8380dc}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{49119a6f-7b1b-4159-0b6d-225fdd1c4ab5}\ (DELLSUPPORT) (Fixed) (Total:1.06 GB) (Free:1.01 GB) NTFS
\\?\Volume{9a598db5-827e-4416-87e0-827a94c50da4}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BF287160)

Partition: GPT.

==================== End of Addition.txt =======================
 
Uninstall the two programs as well as this one: Driver Booster 10

I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, with these programs, the potential is ever present to cause more problems than they claim to fix.

After all the un-installments, run FRST once more and attach the 2 logs for me to check.
 
I'm new here so I'm not sure if I'm allowed to offer my advice(?) but I own a computer repair store for 13+ years now and two things are very obvious to me here.

1) You have a standard hard disk drive. Hard drives last 3-5 years typically and your computer is older and a laptop, which means the drives go bad quicker.
Buy an SSD - they are cheap. Kingston drives are fine and you can find them on Amazon. I've used thousands of these: https://www.amazon.com/dp/B01N0TQPQB

2) Your RAM is mismatching, and even if it wasn't - I wouldn't run Windows 10 on anything less than 8 GB. Your laptop supports up to 32 GB.
Remove both sticks, put one of these: https://www.amazon.com/Crucial-Single-PC4-19200-SODIMM-260-Pin/dp/B01BIWKP58
It will be faster and feel better

Do those 2 and your laptop will have new life. If you don't care about the data do a new install of Windows 10 after replacing the drive.
 
kidd0 said:
I'm new here so I'm not sure if I'm allowed to offer my advice(?) but I own a computer repair store for 13+ years now and two things are very obvious to me here.

1) You have a standard hard disk drive. Hard drives last 3-5 years typically and your computer is older and a laptop, which means the drives go bad quicker.
Buy an SSD - they are cheap. Kingston drives are fine and you can find them on Amazon. I've used thousands of these: https://www.amazon.com/dp/B01N0TQPQB

2) Your RAM is mismatching, and even if it wasn't - I wouldn't run Windows 10 on anything less than 8 GB. Your laptop supports up to 32 GB.
Remove both sticks, put one of these: https://www.amazon.com/Crucial-Single-PC4-19200-SODIMM-260-Pin/dp/B01BIWKP58
It will be faster and feel better

Do those 2 and your laptop will have new life. If you don't care about the data do a new install of Windows 10 after replacing the drive.
Click to expand...
When I obtained the laptop about 4 months ago, after blowing the power supply on my Lenovo, this Dell laptop had not been used since shortly after it was purchased in 2017, so I wouLd have THOUGHT that since it had not been used much at all, the HDD, and RAM would have been in virtually a "new condition" ? but I could be wrong.

I just went through all the drivers and such at Dell website and updated Every Thing, including BIOS, going 1 x 1 from its creation to present (40 some odd downloads).

All the hardware, including RAM should be what was sent f4om Mfg, bur I haven't looked that closely.

But you're right, all of that upgrading to SDD and matching RAM would be great, I just can't do it at the moment...... I miss my Windows 11 and this one will never ever get there due to its processor. Soooo, im not sure i even want to spend anything upgrading....yet
 
As I mentioned in Post #8 and Kidd0 mentioned now, mismatched RAM is not a good idea. The laptop did not come from Dell this way unless it was reconditioned.
 
DR M said:
Uninstall the two programs as well as this one: Driver Booster 10

I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, with these programs, the potential is ever present to cause more problems than they claim to fix.

After all the un-installments, run FRST once more and attach the 2 logs for me to check.
Click to expand...


I did an Install of my BD Total AV, and ran several scans with nothing remarkable, then uninstalled (I forgot to use the Revo Uninstaller to do so)
I then installed and Revo Uninstalled the Spybot Search & Destroy ---- without running it. (It still shows to be installed, but Disabled in my Speccy report)

I've also uninstalled the Driver Booster 10 (which I installed and used as directed in Post #3 above)

I'm going to post the two logs from FRST for you now, and after your response I may have some comments that I would like to make note of..... As I have some persistent Event Logs that are of concern to me, that perhaps you will know how to fix.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2023
Ran by nc2un (administrator) on BLU-SKYZ (Dell Inc. Inspiron 15-3567) (12-06-2023 08:21:02)
Running from C:\Users\nc2un\Desktop\FRST64.exe
Loaded Profiles: nc2un
Platform: Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_b117548b2e075ba1\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [CL-26-EDD08BB7-C376-4D99-9D82-B531343FF86F] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-26-EDD08BB7-C376-4D99-9D82-B531343FF86F\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-26-EDD08BB7-C376-4D99-9D82-B531343 (the data entry has 7 more characters). (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2572960 2021-11-29] (HP Inc. -> Hewlett-Packard Co.)
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\Windows\system32\hpinksts5912LM.dll [331664 2012-06-18] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\Windows\system32\HPDiscoPM5912.dll [741536 2021-11-29] (HP Inc. -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\Windows\system32\HPDiscoPM7112.dll [763040 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-05] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08F6EE39-BB49-40E0-8AE5-EB6D98B7E942} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D2B0645-FCE9-4F93-805A-9751CCD05CFB} - System32\Tasks\DelayedItemsByChemtableSoftware\Spy Protector => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
Task: {26ECDF3E-36A5-4025-AF9C-6C5F6AA920DC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {38B53D42-138D-4DA6-A032-FE2432A64DE0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {42FA2E82-F92F-4BDC-A52A-6720F5F64585} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {449993A9-17B5-4A72-9F32-BAC20432724E} - System32\Tasks\GoogleUpdateTaskMachineUA{FFC92DDF-B563-4FFC-AAB6-D94CCB6EEADD} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-05-26] (Google LLC -> Google LLC)
Task: {5BB03B07-45BA-4A42-B185-CE297786DA6C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DE17E1B-1086-426C-91EA-A4B03EA3B9E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6CE5DBFC-480C-4FB1-96D2-4BA8AF5BEF33} - System32\Tasks\Patch My PC => C:\Users\nc2un\Downloads\PatchMyPC.exe [2596376 2023-06-08] (Patch My PC, LLC -> Patch My PC, LLC)
Task: {72D92EB0-27C0-45E6-BA0F-9014271C0E5B} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {83E696D6-8B4D-4190-A9C1-8ACB6F287AD6} - System32\Tasks\DelayedItemsByChemtableSoftware\IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" -> "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
Task: {8A9F745D-8F3C-4160-BDB9-86FD3FDD6AFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A542FBFE-1318-4127-91FB-A0CB6BC91BCE} - System32\Tasks\GoogleUpdateTaskMachineCore{FD396B14-A751-47AF-92A9-184571D51F20} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-05-26] (Google LLC -> Google LLC)
Task: {B28A162C-4BC6-4660-8354-DE01F3ED4848} - System32\Tasks\DelayedItemsByChemtableSoftware\SecurityHealth => C:\Windows\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {C5B0C8AC-8013-4E8E-9A56-73148840FEAE} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-2792867324-3544351356-3005626667-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1870.16.215.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2157304 2023-06-02] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {D5AFD2EC-270F-4417-B966-C50BD39864A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D793B263-7BE3-4095-8252-FD85FBDC4364} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 216.167.161.35 216.167.161.36
Tcpip\..\Interfaces\{8fa5c09c-6499-47e9-ac82-1a13d14702d2}: [DhcpNameServer] 216.167.161.35 216.167.161.36
Tcpip\..\Interfaces\{bac7db2f-cd52-4701-bc93-fb56cc3c2ff1}: [DhcpNameServer] 216.167.161.35 216.167.161.36

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-12]
Edge Notifications: Default -> hxxps://www.paramountplus.com
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (LastPass: Free Password Manager) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2023-06-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-05-26]
Edge Extension: (DuckDuckGo) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2023-06-08]
Edge Extension: (Turn Off the Lights) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fmamkbgpnienhphflfdamlhnljffjdgm [2023-02-08]
Edge Extension: (Edge relevant text changes) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-27]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-02-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-02-15] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default [2023-05-30]
CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2023-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-20]
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-26]
CHR Extension: (No Name) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlmflgnnmmojlnbmaokpfcjdkhkjbnok [2023-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-05-26]
CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-30]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe [414728 2017-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749376 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Browser; %SystemRoot%\System32\browser.dll [X]
S3 Intel(R) Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe" [X]
S2 Intel(R) TPM Provisioning Service; "C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [280064 2023-01-24] (Microsoft Corporation) [File not signed]
S3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 HWiNFO_174; no ImagePath
S3 MpKsl324a5b42; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FB52445-6A7E-43E7-AEC4-CBD692B3510D}\MpKslDrv.sys [213288 2023-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsleea3df57; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FB52445-6A7E-43E7-AEC4-CBD692B3510D}\MpKslDrv.sys [213288 2023-06-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49616 2023-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498984 2023-05-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-12 08:21 - 2023-06-12 08:23 - 000017742 _____ C:\Users\nc2un\Desktop\FRST.txt
2023-06-12 08:20 - 2023-06-12 08:20 - 002382848 _____ (Farbar) C:\Users\nc2un\Desktop\FRST64.exe
2023-06-12 06:37 - 2023-06-12 06:38 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\nc2un\Downloads\spybotsd-2.9.85.5 (1).exe
2023-06-12 06:31 - 2023-06-12 06:31 - 000084036 _____ C:\ProgramData\agent.uninstall.1686569457.bdinstall.v2.bin
2023-06-12 06:07 - 2023-06-12 06:07 - 000431756 _____ C:\ProgramData\cl.uninstall.1686565286.bdinstall.v2.bin
2023-06-11 19:27 - 2023-06-11 19:27 - 003233432 _____ C:\Users\nc2un\Documents\Scan.pdf
2023-06-11 17:49 - 2023-06-11 17:49 - 000002301 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2023-06-11 17:49 - 2023-06-11 17:49 - 000001241 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2023-06-11 17:49 - 2021-11-29 20:59 - 000741536 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5912.dll
2023-06-11 17:48 - 2023-06-11 17:48 - 000000000 ____D C:\Program Files\HP
2023-06-11 17:47 - 2023-06-11 17:47 - 031501736 _____ C:\Users\nc2un\Downloads\Basic_Webpack_x64-1312-OJ8600_Basicx64_Webpack.exe
2023-06-11 17:39 - 2023-06-11 20:17 - 000000000 ___RD C:\Users\nc2un\Documents\Scanned Documents
2023-06-11 17:39 - 2023-06-11 17:39 - 000000000 ____D C:\Users\nc2un\Documents\Fax
2023-06-10 21:45 - 2023-05-25 22:34 - 000000161 _____ C:\Users\nc2un\Desktop\AESMService- Platform Services initialization failed due to DAL error - Microsoft Community - Copy.url
2023-06-10 17:59 - 2023-06-10 17:59 - 000109988 _____ C:\ProgramData\vpn.uninstall.1686437819.bdinstall.v2.bin
2023-06-10 17:24 - 2023-06-10 17:24 - 000000020 _____ C:\Windows\system32\Caad.db
2023-06-10 17:22 - 2023-06-10 17:26 - 000000000 ____D C:\Users\nc2un\Desktop\BDef Vulnerability Scan Results
2023-06-10 17:09 - 2023-06-10 17:09 - 000229652 _____ C:\ProgramData\vpn.1686434925.bdinstall.v2.bin
2023-06-10 17:07 - 2023-06-10 17:07 - 000102644 _____ C:\ProgramData\agent.update.1686434845.bdinstall.v2.bin
2023-06-10 17:05 - 2023-06-10 17:05 - 000643364 _____ C:\ProgramData\cl.1686434002.bdinstall.v2.bin
2023-06-10 17:05 - 2023-06-10 17:05 - 000115216 _____ C:\ProgramData\cl.kit.1686433983.bdinstall.v2.bin
2023-06-10 16:50 - 2023-06-10 16:56 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\nc2un\Downloads\spybotsd-2.9.85.5.exe
2023-06-10 16:49 - 2023-06-10 16:49 - 000160116 _____ C:\ProgramData\agent.1686433752.bdinstall.v2.bin
2023-06-10 16:30 - 2023-06-10 16:31 - 000000000 ____D C:\Program Files (x86)\Qualcomm Wireless
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Windows\system32\nn-NO
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Windows\Options
2023-06-10 16:30 - 2023-06-10 16:30 - 000000000 ____D C:\Program Files (x86)\Cisco
2023-06-10 16:30 - 2018-05-27 21:43 - 004322672 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athw10x.sys
2023-06-10 16:30 - 2018-05-27 21:43 - 004322672 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw10x.sys
2023-06-10 16:30 - 2014-05-13 21:07 - 000060416 ____N (Atheros) C:\Windows\system32\athihvui.dll
2023-06-10 16:30 - 2014-05-13 21:06 - 000440320 ____N (Atheros) C:\Windows\system32\athihvs.dll
2023-06-10 16:28 - 2023-06-10 16:28 - 099715840 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Dell-Wireless-1707-Qualcomm-9565-WiFi-and-Bluetooth_G66T8_WIN_10.0.3.458_A13_01.EXE
2023-06-10 02:59 - 2023-06-12 07:35 - 000000000 ____D C:\ProgramData\ProductData
2023-06-10 02:59 - 2023-06-10 02:59 - 000000000 ____D C:\Users\nc2un\AppData\LocalLow\IObit
2023-06-10 02:58 - 2023-06-12 07:35 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\IObit
2023-06-10 02:58 - 2023-06-10 02:59 - 000000000 ____D C:\ProgramData\IObit
2023-06-09 22:34 - 2023-06-09 22:39 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2023-06-09 22:34 - 2023-06-09 22:34 - 000001836 _____ C:\Users\nc2un\Desktop\CrystalDiskInfo.lnk
2023-06-09 22:34 - 2023-06-09 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-06-09 22:33 - 2023-06-09 22:34 - 005725496 _____ (Crystal Dew World ) C:\Users\nc2un\Downloads\CrystalDiskInfo9_0_1a.exe
2023-06-08 17:16 - 2023-06-11 19:36 - 000000000 ____D C:\Users\nc2un\Documents\RANDALL STUFF
2023-06-08 06:41 - 2023-06-08 06:42 - 349210518 _____ C:\Users\nc2un\Documents\regbkup.reg
2023-06-08 06:11 - 2023-06-08 06:11 - 000000610 _____ C:\Users\nc2un\Desktop\Patch My PC Updater.lnk
2023-06-08 04:49 - 2023-06-08 04:49 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2023-06-08 04:44 - 2023-06-08 04:45 - 002596376 _____ (Patch My PC, LLC) C:\Users\nc2un\Downloads\PatchMyPC.exe
2023-06-06 04:54 - 2023-06-06 04:54 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-06-06 00:01 - 2023-06-06 00:01 - 000003768 _____ C:\Windows\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2023-06-06 00:01 - 2023-06-06 00:01 - 000002242 _____ C:\Users\nc2un\Desktop\Tweaking.com - Windows Repair.lnk
2023-06-05 23:57 - 2023-06-05 23:58 - 058118520 _____ (Tweaking.com) C:\Users\nc2un\Downloads\tweaking.com_windows_repair_aio_setup.exe
2023-06-05 22:40 - 2023-06-05 22:40 - 000000059 _____ C:\Users\nc2un\Desktop\Home - LexisNexis Digital Library.url
2023-06-05 22:09 - 2023-06-05 22:09 - 000602816 _____ C:\Users\nc2un\Desktop\Daily Planner, Time Tracker-1657028606351 (1).pdf
2023-06-05 22:08 - 2023-06-05 22:08 - 000949235 _____ C:\Users\nc2un\Desktop\office planner (3).pdf
2023-06-05 22:06 - 2023-06-05 22:07 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2023-06-05 22:06 - 2023-06-05 22:06 - 000000000 ____D C:\Windows\system32\ihvmanager
2023-06-05 21:48 - 2023-06-05 21:48 - 000736096 _____ (Dell Inc.) C:\Users\nc2un\Downloads\SupportAssistLauncher (1).exe
2023-06-05 21:21 - 2023-06-11 20:00 - 000000000 ____D C:\Users\nc2un\Documents\AFIC DOCS
2023-05-31 16:53 - 2023-05-31 16:53 - 000000000 ____D C:\Windows\system32\Intel
2023-05-31 16:47 - 2023-05-31 16:48 - 009089784 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Dell-Update-Application_HKMCJ_WIN_1.9.60.0_A00.EXE
2023-05-31 16:47 - 2023-05-31 16:47 - 009113712 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Dell-Update-Application_31YHC_WIN_1.9.20.0_A00.EXE
2023-05-31 16:43 - 2023-05-31 16:43 - 008474768 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Dell-Update-Application_JV20K_WIN_1.9.40.0_A00.EXE
2023-05-31 15:58 - 2023-05-31 15:58 - 004137326 _____ C:\Users\nc2un\Downloads\CDW DISC STMT 12.18.21.pdf
2023-05-30 21:20 - 2023-05-31 15:52 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Excel
2023-05-29 17:45 - 2023-05-29 17:45 - 000000000 ____D C:\Users\nc2un\AppData\Local\ToastNotificationManagerCompat
2023-05-29 17:42 - 2023-05-29 17:42 - 002971376 _____ (OneLaunch ) C:\Users\nc2un\Downloads\OneLaunch - Fun Games_4v5at.exe
2023-05-26 18:17 - 2023-05-26 18:17 - 000000258 __RSH C:\ProgramData\ntuser.pol
2023-05-26 17:52 - 2023-05-26 17:52 - 000002440 _____ C:\Users\nc2un\Desktop\Denise - Chrome.lnk
2023-05-26 17:47 - 2023-06-05 21:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-05-26 17:47 - 2023-06-05 21:35 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-05-26 17:44 - 2023-05-26 17:44 - 001369128 _____ (Google LLC) C:\Users\nc2un\Downloads\ChromeSetup.exe
2023-05-25 22:34 - 2023-05-25 22:34 - 000000161 _____ C:\Users\nc2un\Desktop\AESMService- Platform Services initialization failed due to DAL error - Microsoft Community.url
2023-05-25 22:33 - 2023-05-25 22:33 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2023-05-19 22:57 - 2023-05-19 22:57 - 000000000 ____D C:\EADesktopDev
2023-05-19 11:58 - 2023-05-19 11:58 - 000000000 ____D C:\Users\nc2un\AppData\Local\EALaunchHelper
2023-05-19 11:43 - 2023-05-19 11:43 - 006247912 _____ C:\Users\nc2un\Downloads\avg_secure_browser_setup.exe
2023-05-18 18:51 - 2023-05-18 18:51 - 000000000 ____D C:\Users\nc2un\Documents\Electronic Arts
2023-05-18 18:51 - 2023-05-18 18:51 - 000000000 ____D C:\ProgramData\Origin
2023-05-18 18:50 - 2023-05-18 18:50 - 000001379 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2023-05-18 18:50 - 2023-05-18 18:50 - 000000000 ____D C:\ProgramData\Electronic Arts
2023-05-18 18:49 - 2023-05-18 18:49 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2023-05-18 18:49 - 2023-05-18 17:23 - 000447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2023-05-18 17:15 - 2023-05-18 17:15 - 000000000 ____D C:\Users\nc2un\AppData\Local\cache
2023-05-18 17:14 - 2023-05-18 17:20 - 000000000 ____D C:\Users\nc2un\AppData\Local\Origin
2023-05-18 17:13 - 2023-06-08 05:04 - 000000000 ____D C:\Program Files\Electronic Arts
2023-05-18 17:13 - 2023-05-18 17:22 - 000000000 ____D C:\Program Files\EA Games
2023-05-18 17:01 - 2023-05-18 17:06 - 002485040 _____ (Electronic Arts) C:\Users\nc2un\Downloads\EAappInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-12 08:22 - 2023-04-07 02:05 - 000000000 ____D C:\FRST
2023-06-12 08:20 - 2023-04-10 02:09 - 000000000 ____D C:\Users\nc2un\Desktop\FRST-OlderVersion
2023-06-12 08:14 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-12 07:51 - 2023-01-24 13:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-06-12 07:48 - 2023-01-24 03:57 - 000797554 _____ C:\Windows\system32\PerfStringBackup.INI
2023-06-12 07:48 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2023-06-12 07:46 - 2023-01-24 21:03 - 000000000 ____D C:\Program Files\Speccy
2023-06-12 07:43 - 2023-01-24 05:44 - 000008192 ___SH C:\DumpStack.log.tmp
2023-06-12 07:43 - 2023-01-24 05:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-06-12 07:43 - 2023-01-24 04:09 - 000000000 ____D C:\Intel
2023-06-12 07:43 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState
2023-06-12 07:42 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-06-12 06:54 - 2023-01-29 14:30 - 000000085 _____ C:\Windows\wininit.ini
2023-06-12 06:25 - 2023-01-24 05:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-06-11 21:41 - 2023-01-26 06:37 - 000000000 ____D C:\Users\nc2un\Documents\Christy
2023-06-11 19:36 - 2023-02-08 15:52 - 000000000 ____D C:\Users\nc2un\Documents\Dell
2023-06-11 17:49 - 2023-02-09 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2023-06-11 17:48 - 2023-02-09 14:33 - 000000000 ____D C:\ProgramData\HP
2023-06-11 17:48 - 2023-02-09 14:28 - 000000000 ____D C:\Program Files (x86)\HP
2023-06-10 19:40 - 2023-02-08 16:01 - 000000000 ____D C:\Program Files (x86)\Intel
2023-06-10 18:11 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-10 18:11 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2023-06-10 18:10 - 2023-02-08 16:00 - 000000000 ____D C:\Program Files\Intel
2023-06-10 17:00 - 2019-12-07 04:03 - 000065536 _____ C:\Windows\system32\config\ELAM
2023-06-10 16:30 - 2023-02-08 16:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-06-10 15:55 - 2023-01-26 07:21 - 000000000 ____D C:\Users\nc2un\AppData\Local\CrashDumps
2023-06-10 11:57 - 2023-01-24 05:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-10 11:57 - 2023-01-24 05:46 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-08 10:28 - 2023-02-12 20:17 - 000000000 ____D C:\Users\nc2un\Documents\Administration of Estate Notes
2023-06-08 06:47 - 2023-01-30 05:56 - 000001162 _____ C:\Windows\system32\config\VSMIDK
2023-06-08 06:21 - 2023-01-26 08:07 - 000003554 _____ C:\Windows\system32\Tasks\Patch My PC
2023-06-08 06:11 - 2023-01-26 07:17 - 000000000 ____D C:\PatchMyPCUpdates
2023-06-08 06:10 - 2023-01-24 04:05 - 000000000 ____D C:\Users\nc2un\AppData\Local\Packages
2023-06-08 05:04 - 2023-02-07 17:59 - 000000000 ____D C:\ProgramData\Package Cache
2023-06-08 04:56 - 2023-01-27 01:24 - 000000000 ____D C:\Users\nc2un\AppData\Local\ElevatedDiagnostics
2023-06-08 04:53 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files\Dell
2023-06-08 04:49 - 2023-01-26 07:25 - 000000000 ____D C:\Users\nc2un\Desktop\PortableApps
2023-06-08 04:49 - 2023-01-26 07:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2023-06-08 04:49 - 2023-01-26 07:18 - 000000000 ____D C:\Program Files\HWiNFO64
2023-06-08 04:49 - 2023-01-24 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2023-06-07 23:53 - 2023-01-24 04:09 - 000000000 ____D C:\Users\nc2un\AppData\Local\D3DSCache
2023-06-06 09:30 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files (x86)\Dell
2023-06-06 09:30 - 2023-02-08 15:10 - 000000000 ____D C:\ProgramData\Dell
2023-06-06 05:27 - 2023-04-09 15:32 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2023-06-06 05:12 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-06-06 05:12 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-06-06 04:28 - 2023-02-01 22:03 - 000797554 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2023-06-06 02:11 - 2022-09-07 22:13 - 000000000 ____D C:\Windows\SystemTemp
2023-06-06 01:03 - 2023-01-24 04:02 - 000000000 ____D C:\Users\nc2un
2023-06-06 00:01 - 2023-01-26 07:24 - 000763225 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2023-06-05 22:03 - 2023-02-08 16:01 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}
2023-06-05 22:01 - 2023-01-24 04:09 - 000000000 ____D C:\ProgramData\Intel
2023-06-05 21:49 - 2023-02-08 15:11 - 000000000 ____D C:\Program Files\dotnet
2023-05-31 20:42 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2023-05-31 17:05 - 2023-01-24 05:44 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-05-31 16:00 - 2023-02-14 19:25 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-05-31 15:48 - 2023-03-02 04:25 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Word
2023-05-30 23:24 - 2023-01-24 04:02 - 000000000 ___SD C:\Users\nc2un\AppData\Roaming\Microsoft\Credentials
2023-05-30 11:04 - 2023-01-24 04:02 - 000000000 ___SD C:\Users\nc2un\AppData\Roaming\Microsoft\Protect
2023-05-28 01:47 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-05-26 17:46 - 2023-04-20 16:50 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{FFC92DDF-B563-4FFC-AAB6-D94CCB6EEADD}
2023-05-26 17:46 - 2023-04-20 16:50 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{FD396B14-A751-47AF-92A9-184571D51F20}
2023-05-26 11:13 - 2023-01-24 13:48 - 000000000 ____D C:\ProgramData\SecTaskMan
2023-05-18 18:47 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-05-17 18:35 - 2023-01-24 04:11 - 000000000 ____D C:\Users\nc2un\AppData\Local\PlaceholderTileLogoFolder
2023-05-17 18:35 - 2023-01-24 04:05 - 000000000 ____D C:\ProgramData\Packages
2023-05-14 05:55 - 2023-02-15 17:05 - 000000000 ____D C:\Program Files\Microsoft Office
2023-05-13 20:51 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories ========

2023-03-30 21:54 - 2023-03-30 21:54 - 001908488 _____ (O&O Software GmbH) C:\Program Files\O&&O ShutUp10 1.9.1435_Portable.exe
2023-01-30 02:24 - 2023-01-30 02:24 - 000000017 _____ () C:\Users\nc2un\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2023
Ran by nc2un (12-06-2023 08:27:15)
Running from C:\Users\nc2un\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) (2023-01-24 08:52:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2792867324-3544351356-3005626667-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2792867324-3544351356-3005626667-503 - Limited - Disabled)
Guest (S-1-5-21-2792867324-3544351356-3005626667-501 - Limited - Disabled)
nc2un (S-1-5-21-2792867324-3544351356-3005626667-1001 - Administrator - Enabled) => C:\Users\nc2un
WDAGUtilityAccount (S-1-5-21-2792867324-3544351356-3005626667-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Belarc Advisor 12.0 (HKLM-x32\...\Belarc Advisor) (Version: 12.0.0.0 - Belarc, Inc.)
CrystalDiskInfo 9.0.1a (HKLM\...\CrystalDiskInfo_is1) (Version: 9.0.1a - Crystal Dew World)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.110 - Google LLC)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8B9CA8CE-6BE2-4107-85BA-773EB0F2073E}) (Version: 28.1.1312.0 - Hewlett-Packard Co.)
HWiNFO64 Version 7.46 (HKLM\...\HWiNFO64_is1) (Version: 7.46 - Martin Malik, REALiX s.r.o.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16327.20248 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20248 - Microsoft Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
The Simsâ„¢ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.97.62.1020 - Electronic Arts Inc.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.2183 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)

Packages:
=========
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt [2023-06-06] (INTEL CORP) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1870.16.215.0_x64__8xx8rvfyw5nnt [2023-06-06] (Meta) [Startup Task]
Microsoft 365 -> C:\Program Files\WindowsApps\www.office.com-6A424043_1.0.0.0_neutral__hhrgrbe39qw14 [2023-06-06] (www.office.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14002.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation) [Startup Task]
Paramount+ -> C:\Program Files\WindowsApps\2BDFC20A.CBS_1.0.1.0_neutral__bd059sf7kn2rm [2023-06-06] (CBS Interactive Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-01-26] (Microsoft Corporation)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.137.0_x64__pwbj9vvecjh7j [2023-06-07] (Amazon Development Centre (London) Ltd)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.578.564.0_x86__55nm5eh3cm0pr [2023-06-06] (ROBLOX Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Studios) [MS Ad]
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.16.165.0_x64__43tkc6nmykmb6 [2023-06-06] (Ookla)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{0B95C17C-F335-4C86-863C-230AAF983F0F}\localserver32 -> C:\Windows\System32\RunDll32.exe "C:\Program Files\Registry Life\Notifications.dll",Activate -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{5b54b760-8dd0-a58f-c64a-28b87f30392f}\localserver32 -> "C:\Users\nc2un\AppData\Local\OneLaunch\5.16.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{D5C4136A-93E5-4678-A6F8-0B2D9BB10999}\localserver32 -> C:\Windows\System32\RunDll32.exe "C:\Program Files\Reg Organizer\Notifications.dll",Activate -ToastActivated => No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2023-05-18] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2023-05-18] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\nc2un\OneDrive\Desktop\Microsoft 365.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ocdlmjhbenodhlknglojajgokahchlkk --app-url=hxxps://www.office.com/?from=Homescreen --app-launch-source=4
ShortcutWithArgument: C:\Users\nc2un\Desktop\Denise - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\nc2un\Desktop\Paramount+.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pokmkoiooknndbddmgmaolnlgelpkhep --app-url=hxxps://www.paramountplus.com/ --app-launch-source=4
ShortcutWithArgument: C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pokmkoiooknndbddmgmaolnlgelpkhep\Paramount+.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pokmkoiooknndbddmgmaolnlgelpkhep --app-url=hxxps://www.paramountplus.com/ --app-launch-source=4

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\nc2un\Downloads\Basic_Webpack_x64-1312-OJ8600_Basicx64_Webpack.exe:BDU [0]
AlternateDataStreams: C:\Users\nc2un\Documents\SysnativeBSODCollectionApp.exe:MBAM.Zone.Identifier [168]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2022-11-10] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2023-06-06 04:51 - 2023-06-06 04:51 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 216.167.161.35 - 216.167.161.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "CL-26-67A84368-A1DC-4EB6-A515-F7734C88D99B"
HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\StartupApproved\Run: => "BingWallpaperApp"
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1340DFBB-11FE-44A2-B741-93A7A17CA15A}] => (Allow) LPort=5357
FirewallRules: [{B6953DBF-4D83-4E87-8C17-BE75E8BE9CE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BEEDFD90-F582-47D3-B4C8-F4C9A1670086}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{3F37C0CE-66F8-4E89-84C3-AA56E6351ABB}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{020B3694-A562-4F11-BB1F-997216AD36D5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{BAFA9E1E-D1E8-4D75-9A9E-70F3BFEAE8F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{544FBAE7-7445-4909-96BD-94815613CFDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A7CF758-52E8-48F4-9BF6-831FA138124B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{14B5F3EB-1044-4BAC-9932-0E9BF2CE1767}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A50EE4CF-10DB-423B-A7B7-35D7A0079F92}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FFDB0376-6026-4810-8E5B-726EBA879019}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{9B367FDA-013A-4E2E-A7C1-DA5D13BC7E45}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{72776D45-4F26-4454-BC42-60FE8AF4BD72}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{0CBCC599-1EB4-47D1-9BB2-B5018935123E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{D957DBDB-EDE0-4E15-A081-86C307617A07}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{11C2D13B-B3D8-4F3D-9DFA-0416CFF6E325}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Co.)

==================== Restore Points =========================

11-06-2023 18:10:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Dell Touchpad
Description: Dell Touchpad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/12/2023 06:54:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFSSvc.exe, version: 2.9.85.231, time stamp: 0x63ebb1a4
Faulting module name: KERNELBASE.dll, version: 10.0.19041.2965, time stamp: 0xf18c1c30
Exception code: 0x0eedfade
Fault offset: 0x0013d6c2
Faulting process id: 0x10f4
Faulting application start time: 0x01d99d23ee67d304
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 1b8f652c-c03d-4148-be7a-cefa2f5d6625
Faulting package full name:
Faulting package-relative application ID:

Error: (06/11/2023 11:06:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PrimeVideo.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 226c

Start Time: 01d99ce25a8ab703

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.137.0_x64__pwbj9vvecjh7j\PrimeVideo.exe

Report Id: 9797e0b2-4d07-4ebf-8eb8-fde9483d2db5

Faulting package full name: AmazonVideo.PrimeVideo_1.0.137.0_x64__pwbj9vvecjh7j

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (06/10/2023 04:58:03 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (06/10/2023 03:55:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Setup.exe_Intel® Rapid Storage Technology, version: 16.8.0.5, time stamp: 0x60c8e632
Faulting module name: Setup.exe, version: 16.8.0.5, time stamp: 0x60c8e632
Exception code: 0xc0000005
Fault offset: 0x000bd2cf
Faulting process id: 0x2124
Faulting application start time: 0x01d99bddd00bbc7c
Faulting application path: C:\Program Files (x86)\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe
Faulting module path: C:\Program Files (x86)\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe
Report Id: 381f8808-6f23-499c-93cd-9822cb594012
Faulting package full name:
Faulting package-relative application ID:

Error: (06/08/2023 05:04:11 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 05:03:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 04:53:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/08/2023 04:52:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet


System errors:
=============
Error: (06/12/2023 07:46:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cpuz143 service failed to start due to the following error:
A certificate was explicitly revoked by its issuer.

Error: (06/12/2023 07:45:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/12/2023 07:45:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.

Error: (06/12/2023 07:45:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/12/2023 07:45:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.

Error: (06/12/2023 07:45:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/12/2023 07:45:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.

Error: (06/12/2023 07:43:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
================
Date: 2023-06-12 07:46:33
Description:
Controlled Folder Access blocked C:\Program Files\Speccy\Speccy64.exe from making changes to memory.
Detection time: 2023-06-12T12:46:33.712Z
Path: \Device\CdRom0
Process Name: C:\Program Files\Speccy\Speccy64.exe
Security intelligence Version: 1.391.1203.0
Engine Version: 1.1.23050.3
Product Version: 4.18.23050.3

Date: 2023-06-12 06:25:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-12 05:51:21
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-09 22:39:53
Description:
Controlled Folder Access blocked C:\Program Files\CrystalDiskInfo\DiskInfo64.exe from making changes to memory.
Detection time: 2023-06-10T03:39:53.061Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\CrystalDiskInfo\DiskInfo64.exe
Security intelligence Version: 1.391.986.0
Engine Version: 1.1.23050.3
Product Version: 4.18.23050.3

Date: 2023-06-09 17:16:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-06-06 02:19:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.592.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2023-06-06 02:08:07
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2023-05-23 16:14:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1993.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2023-05-23 16:14:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1993.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2023-05-23 16:14:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1993.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2023-06-12 07:46:29
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Users\nc2un\AppData\Local\Temp\cpuz143\cpuz143_x64.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).

Date: 2023-06-12 07:46:29
Description:
The driver \Device\HarddiskVolume3\Users\nc2un\AppData\Local\Temp\cpuz143\cpuz143_x64.sys is blocked from loading as the driver has been revoked by Microsoft.

Date: 2023-06-12 07:46:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-06-12 05:51:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\266479308497162704\antimalware_provider64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 2.20.0 07/12/2022
Motherboard: Dell Inc. 0K99NX
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 5975.4 MB
Available physical RAM: 1991.83 MB
Total Virtual: 10583.4 MB
Available Virtual: 6649.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.81 GB) (Free:432.1 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{1539c7d6-be3d-4de4-afc8-d70ebe8380dc}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{49119a6f-7b1b-4159-0b6d-225fdd1c4ab5}\ (DELLSUPPORT) (Fixed) (Total:1.06 GB) (Free:1.01 GB) NTFS
\\?\Volume{9a598db5-827e-4416-87e0-827a94c50da4}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BF287160)

Partition: GPT.

==================== End of Addition.txt =======================
 
Last edited:
Corday said:
Reinstall BD & Spybot. Download Revo Uninstaller (Free) and completely uninstall both. If no good, run a memory test of your Ram, both slots. If OK they still might not be colpletely compatible with each other. I don't like to mix brands.
Click to expand...


I did not forget your advice. It just takes me a little time.

Log Name: System
Source: Microsoft-Windows-MemoryDiagnostics-Results
Date: 6/12/2023 9:18:06 AM
Event ID: 1101
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Blu-Skyz
Description:
The Windows Memory Diagnostic tested the computer's memory and detected no errors
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MemoryDiagnostics-Results" Guid="{5f92bc59-248f-4111-86a9-e393e12c6139}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2023-06-12T14:18:06.9667516Z" />
<EventRecordID>52456</EventRecordID>
<Correlation />
<Execution ProcessID="6128" ThreadID="6140" />
<Channel>System</Channel>
<Computer>Blu-Skyz</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<Results xmlns="http://manifests.microsoft.com/win/2005/08/windows/Reliability/Postboot/Events">
<LaunchType>Manual</LaunchType>
<CompletionType>Pass</CompletionType>
<MemorySize>5975</MemorySize>
<TestType>10</TestType>
<TestDuration>828</TestDuration>
<TestCount>12</TestCount>
<NumPagesTested>1482124</NumPagesTested>
<NumPagesUnTested>1763</NumPagesUnTested>
<NumBadPages>0</NumBadPages>
<T1NumBadPages>0</T1NumBadPages>
<T2NumBadPages>0</T2NumBadPages>
<T3NumBadPages>0</T3NumBadPages>
<T4NumBadPages>0</T4NumBadPages>
<T5NumBadPages>0</T5NumBadPages>
<T6NumBadPages>0</T6NumBadPages>
<T7NumBadPages>0</T7NumBadPages>
<T8NumBadPages>0</T8NumBadPages>
<T9NumBadPages>0</T9NumBadPages>
<T10NumBadPages>0</T10NumBadPages>
<T11NumBadPages>0</T11NumBadPages>
<T12NumBadPages>0</T12NumBadPages>
<T13NumBadPages>0</T13NumBadPages>
<T14NumBadPages>0</T14NumBadPages>
<T15NumBadPages>0</T15NumBadPages>
<T16NumBadPages>0</T16NumBadPages>
</Results>
</UserData>
</Event>


Log Name: System
Source: Microsoft-Windows-MemoryDiagnostics-Results
Date: 6/12/2023 9:18:06 AM
Event ID: 1201
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Blu-Skyz
Description:
The Windows Memory Diagnostic tested the computer's memory and detected no errors
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MemoryDiagnostics-Results" Guid="{5f92bc59-248f-4111-86a9-e393e12c6139}" />
<EventID>1201</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2023-06-12T14:18:06.9667531Z" />
<EventRecordID>52457</EventRecordID>
<Correlation />
<Execution ProcessID="6128" ThreadID="6140" />
<Channel>System</Channel>
<Computer>Blu-Skyz</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<Results xmlns="http://manifests.microsoft.com/win/2005/08/windows/Reliability/Postboot/Events">
<CompletionType>Pass</CompletionType>
</Results>
</UserData>
</Event>
 
Hi.

We are going to clean the computer and do some maintenance/repair, procedures that need a careful implementation of the instructions with the correct sequence. If there is no improvement, then you I'll let you know that you can follow the other colleagues' recommendations which will be out of my area of knowledge. But for now, please concentrate to my instructions.

Also, please consider the following:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

As to the following comment by you:

Went to BC, which is my home, but instead of my regular, who knows me and can be quick
a student jumped in and grabbed my post --- i didn't have time for an 8 hour hard drive scan at that
time and then I had to work on saving some properties from foreclosure on my father's Estate. .

life happens. I hate it. True Story.
Click to expand...

You are very welcome here, but you shouldn't be impatient and leave from the topic there. As I stated above, we are all volunteers, and as you stated above, life happens. So... please be patient.


=========================

My first comments/instructions regarding your logs:


1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code: 
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CL-26-EDD08BB7-C376-4D99-9D82-B531343FF86F] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-26-EDD08BB7-C376-4D99-9D82-B531343FF86F\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-26-EDD08BB7-C376-4D99-9D82-B531343 (the data entry has 7 more characters). (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
2023-06-12 06:37 - 2023-06-12 06:38 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\nc2un\Downloads\spybotsd-2.9.85.5 (1).exe
2023-06-12 06:31 - 2023-06-12 06:31 - 000084036 _____ C:\ProgramData\agent.uninstall.1686569457.bdinstall.v2.bin
2023-06-12 06:07 - 2023-06-12 06:07 - 000431756 _____ C:\ProgramData\cl.uninstall.1686565286.bdinstall.v2.bin
2023-06-10 17:59 - 2023-06-10 17:59 - 000109988 _____ C:\ProgramData\vpn.uninstall.1686437819.bdinstall.v2.bin
023-06-10 17:59 - 2023-06-10 17:59 - 000109988 _____ C:\ProgramData\vpn.uninstall.1686437819.bdinstall.v2.bin
2023-06-10 17:24 - 2023-06-10 17:24 - 000000020 _____ C:\Windows\system32\Caad.db
2023-06-10 17:22 - 2023-06-10 17:26 - 000000000 ____D C:\Users\nc2un\Desktop\BDef Vulnerability Scan Results
2023-06-10 17:09 - 2023-06-10 17:09 - 000229652 _____ C:\ProgramData\vpn.1686434925.bdinstall.v2.bin
2023-06-10 17:07 - 2023-06-10 17:07 - 000102644 _____ C:\ProgramData\agent.update.1686434845.bdinstall.v2.bin
2023-06-10 17:05 - 2023-06-10 17:05 - 000643364 _____ C:\ProgramData\cl.1686434002.bdinstall.v2.bin
2023-06-10 17:05 - 2023-06-10 17:05 - 000115216 _____ C:\ProgramData\cl.kit.1686433983.bdinstall.v2.bin
2023-06-10 16:50 - 2023-06-10 16:56 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\nc2un\Downloads\spybotsd-2.9.85.5.exe
2023-06-10 16:49 - 2023-06-10 16:49 - 000160116 _____ C:\ProgramData\agent.1686433752.bdinstall.v2.bin
2023-06-10 02:59 - 2023-06-12 07:35 - 000000000 ____D C:\ProgramData\ProductData
2023-06-10 02:59 - 2023-06-10 02:59 - 000000000 ____D C:\Users\nc2un\AppData\LocalLow\IObit
2023-06-10 02:58 - 2023-06-12 07:35 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\IObit
2023-06-10 02:58 - 2023-06-10 02:59 - 000000000 ____D C:\ProgramData\IObit
C:\Program Files\Common Files\Bitdefender
C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{0B95C17C-F335-4C86-863C-230AAF983F0F}\localserver32 -> C:\Windows\System32\RunDll32.exe "C:\Program Files\Registry Life\Notifications.dll",Activate -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{5b54b760-8dd0-a58f-c64a-28b87f30392f}\localserver32 -> "C:\Users\nc2un\AppData\Local\OneLaunch\5.16.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{D5C4136A-93E5-4678-A6F8-0B2D9BB10999}\localserver32 -> C:\Windows\System32\RunDll32.exe "C:\Program Files\Reg Organizer\Notifications.dll",Activate -ToastActivated => No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
AlternateDataStreams: C:\Users\nc2un\Downloads\Basic_Webpack_x64-1312-OJ8600_Basicx64_Webpack.exe:BDU [0]
AlternateDataStreams: C:\Users\nc2un\Documents\SysnativeBSODCollectionApp.exe:MBAM.Zone.Identifier [168]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLHKLM\...\StartupApproved\Run: => "BdVpnApp"M\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKLM\...\StartupApproved\Run: => "CL-26-67A84368-A1DC-4EB6-A515-F7734C88D99B"
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
cmd: netsh winsock reset
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

3. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code: 
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


In your next reply, please post:
  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 
DR M said:
You are very welcome here, but you shouldn't be impatient and leave from the topic there. As I stated above, we are all volunteers, and as you stated above, life happens. So... please be patient.
Click to expand...
Just want to clear this up really quick at the top of the post here: My "Regular who knows me" was the one who told me Where to Post,
What to Title my Topic (with his name in the topic),
and my post was intended for His Support, and
...... A Student jumped in.

I tried working with him, but I wasn't asking him to analyze me for malware, or failed hardware, or anything other than "cleanup" at that time.
I'm also not completely computer illiterate, and by the time I arrive at a forum asking for help, I have an idea of what may or may not be wrong
- i just don't know how to fix it EASILY, and have no more time to study about it.

I am a patient gal :) I've read your post entirely and ready to begin.
_______________________________________


Sooo... I'll start by saying that while FRST fix was running I got a notification from Windows Security stating that Controlled Folder Access blocked FRST from making some changes. While i was SS'ing that, apparently MS Edge closed and reopened with my previous tabs - minus - this Sysnative tab.

Here is fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2023
Ran by nc2un (12-06-2023 22:22:02) Run:1
Running from C:\Users\nc2un\Desktop
Loaded Profiles: nc2un
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CL-26-EDD08BB7-C376-4D99-9D82-B531343FF86F] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-26-EDD08BB7-C376-4D99-9D82-B531343FF86F\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-26-EDD08BB7-C376-4D99-9D82-B531343 (the data entry has 7 more characters). (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
2023-06-12 06:37 - 2023-06-12 06:38 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\nc2un\Downloads\spybotsd-2.9.85.5 (1).exe
2023-06-12 06:31 - 2023-06-12 06:31 - 000084036 _____ C:\ProgramData\agent.uninstall.1686569457.bdinstall.v2.bin
2023-06-12 06:07 - 2023-06-12 06:07 - 000431756 _____ C:\ProgramData\cl.uninstall.1686565286.bdinstall.v2.bin
2023-06-10 17:59 - 2023-06-10 17:59 - 000109988 _____ C:\ProgramData\vpn.uninstall.1686437819.bdinstall.v2.bin
023-06-10 17:59 - 2023-06-10 17:59 - 000109988 _____ C:\ProgramData\vpn.uninstall.1686437819.bdinstall.v2.bin
2023-06-10 17:24 - 2023-06-10 17:24 - 000000020 _____ C:\Windows\system32\Caad.db
2023-06-10 17:22 - 2023-06-10 17:26 - 000000000 ____D C:\Users\nc2un\Desktop\BDef Vulnerability Scan Results
2023-06-10 17:09 - 2023-06-10 17:09 - 000229652 _____ C:\ProgramData\vpn.1686434925.bdinstall.v2.bin
2023-06-10 17:07 - 2023-06-10 17:07 - 000102644 _____ C:\ProgramData\agent.update.1686434845.bdinstall.v2.bin
2023-06-10 17:05 - 2023-06-10 17:05 - 000643364 _____ C:\ProgramData\cl.1686434002.bdinstall.v2.bin
2023-06-10 17:05 - 2023-06-10 17:05 - 000115216 _____ C:\ProgramData\cl.kit.1686433983.bdinstall.v2.bin
2023-06-10 16:50 - 2023-06-10 16:56 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\nc2un\Downloads\spybotsd-2.9.85.5.exe
2023-06-10 16:49 - 2023-06-10 16:49 - 000160116 _____ C:\ProgramData\agent.1686433752.bdinstall.v2.bin
2023-06-10 02:59 - 2023-06-12 07:35 - 000000000 ____D C:\ProgramData\ProductData
2023-06-10 02:59 - 2023-06-10 02:59 - 000000000 ____D C:\Users\nc2un\AppData\LocalLow\IObit
2023-06-10 02:58 - 2023-06-12 07:35 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\IObit
2023-06-10 02:58 - 2023-06-10 02:59 - 000000000 ____D C:\ProgramData\IObit
C:\Program Files\Common Files\Bitdefender
C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{0B95C17C-F335-4C86-863C-230AAF983F0F}\localserver32 -> C:\Windows\System32\RunDll32.exe "C:\Program Files\Registry Life\Notifications.dll",Activate -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{5b54b760-8dd0-a58f-c64a-28b87f30392f}\localserver32 -> "C:\Users\nc2un\AppData\Local\OneLaunch\5.16.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{D5C4136A-93E5-4678-A6F8-0B2D9BB10999}\localserver32 -> C:\Windows\System32\RunDll32.exe "C:\Program Files\Reg Organizer\Notifications.dll",Activate -ToastActivated => No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
AlternateDataStreams: C:\Users\nc2un\Downloads\Basic_Webpack_x64-1312-OJ8600_Basicx64_Webpack.exe:BDU [0]
AlternateDataStreams: C:\Users\nc2un\Documents\SysnativeBSODCollectionApp.exe:MBAM.Zone.Identifier [168]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLHKLM\...\StartupApproved\Run: => "BdVpnApp"M\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKLM\...\StartupApproved\Run: => "CL-26-67A84368-A1DC-4EB6-A515-F7734C88D99B"
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
cmd: netsh winsock reset
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CL-26-EDD08BB7-C376-4D99-9D82-B531343FF86F" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"C:\Users\nc2un\Downloads\spybotsd-2.9.85.5 (1).exe" => not found
C:\ProgramData\agent.uninstall.1686569457.bdinstall.v2.bin => moved successfully
C:\ProgramData\cl.uninstall.1686565286.bdinstall.v2.bin => moved successfully
C:\ProgramData\vpn.uninstall.1686437819.bdinstall.v2.bin => moved successfully
023-06-10 17:59 - 2023-06-10 17:59 - 000109988 _____ C:\ProgramData\vpn.uninstall.1686437819.bdinstall.v2.bin => Error: No automatic fix found for this entry.
C:\Windows\system32\Caad.db => moved successfully
C:\Users\nc2un\Desktop\BDef Vulnerability Scan Results => moved successfully
C:\ProgramData\vpn.1686434925.bdinstall.v2.bin => moved successfully
C:\ProgramData\agent.update.1686434845.bdinstall.v2.bin => moved successfully
C:\ProgramData\cl.1686434002.bdinstall.v2.bin => moved successfully
C:\ProgramData\cl.kit.1686433983.bdinstall.v2.bin => moved successfully
C:\Users\nc2un\Downloads\spybotsd-2.9.85.5.exe => moved successfully
C:\ProgramData\agent.1686433752.bdinstall.v2.bin => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\Users\nc2un\AppData\LocalLow\IObit => moved successfully
C:\Users\nc2un\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
"C:\Program Files\Common Files\Bitdefender" => not found
C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha => moved successfully
"AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}" => removed successfully
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{0B95C17C-F335-4C86-863C-230AAF983F0F} => removed successfully
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{5b54b760-8dd0-a58f-c64a-28b87f30392f} => removed successfully
HKU\S-1-5-21-2792867324-3544351356-3005626667-1001_Classes\CLSID\{D5C4136A-93E5-4678-A6F8-0B2D9BB10999} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WorkFolders => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\WorkFolders => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
C:\Users\nc2un\Downloads\Basic_Webpack_x64-1312-OJ8600_Basicx64_Webpack.exe => ":BDU" ADS removed successfully
C:\Users\nc2un\Documents\SysnativeBSODCollectionApp.exe => ":MBAM.Zone.Identifier" ADS could not remove.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="Happy birthday, Big Bend National Park!" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="Happy birthday, Big Bend National Park!" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="Happy birthday, Big Bend National Park!" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="Happy birthday, Big Bend National Park!" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CL-26-67A84368-A1DC-4EB6-A515-F7734C88D99B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CL-26-67A84368-A1DC-4EB6-A515-F7734C88D99B" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01DF0815-250E-4BEF-A399-C43432F6D46B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}" => removed successfully

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.



========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40164777 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 87448856 B
Edge => 0 B
Chrome => 578346625 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 3208 B
systemprofile32 => 3208 B
LocalService => 1369612 B
NetworkService => 106563274 B
nc2un => 1025765618 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:26:25 ====

______________________________________________

Adware Cleaner txt S01

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-12-2023
# Duration: 00:00:18
# OS: Windows 10 (Build 19045.2965)
# Scanned: 32092
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATE


AdwCleaner[S00].txt - [2137 octets] - [10/04/2023 19:47:11]
AdwCleaner[C00].txt - [2769 octets] - [10/04/2023 19:49:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


_____________________________________=



DR M said:
Under the title Windows Security Center (Premium only) the option is NOT checked.
Click to expand...

NOTE: Under the Windows Seurity Center (Premium only)
The Option to uncheck the box was greyed out and could not be unchecked.



Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/12/23
Scan Time: 11:14 PM
Log File: bad8797c-09a0-11ee-aa6d-9840bb4864e7.json

-Software Information-
Version: 4.5.30.269
Components Version: 1.0.2037
Update Package Version: 1.0.70797
License: Free

-System Information-
OS: Windows 10 (Build 19045.2965)
CPU: x64
File System: NTFS
User: Blu-Skyz\nc2un

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 239882
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 30 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
Hi!

...... A Student jumped in.
Click to expand...

We all have been students once. :-)

Anyway! We focus here now. I'm ready. (y)


Search with FRST
  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search box:
Code: 
 SearchAll: hlmflgnnmmojlnbmaokpfcjdkhkjbnok;browser.dll
  • Press the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.
 
Farbar Recovery Scan Tool (x64) Version: 12-06-2023
Ran by nc2un (13-06-2023 04:20:54)
Running from C:\Users\nc2un\Desktop
Boot Mode: Normal

================== Search Files: "SearchAll: hlmflgnnmmojlnbmaokpfcjdkhkjbnok;browser.dll" =============

File:
========
C:\Windows\WinSxS\msil_microsoft.virtualiz..on.client.vmbrowser_31bf3856ad364e35_10.0.19041.1_none_cba1731d774de824\Microsoft.Virtualization.Client.VMBrowser.dll
[2019-12-07 04:10][2019-12-07 04:28] 000537644 _____ () 512E93AAFC14CE7B0B2F99F3E9AB59A6 [File not signed]

C:\Windows\WinSxS\msil_microsoft.virtualiz..lient.6.3.vmbrowser_31bf3856ad364e35_10.0.19041.1_none_d2dcf5893073536b\Microsoft.Virtualization.Client.6.3.VMBrowser.dll
[2019-12-07 04:10][2019-12-07 04:28] 000403284 _____ () 81A20A2CC9378E3AE252659CC6B669FF [File not signed]

C:\Windows\WinSxS\msil_microsoft.virtualiz..lient.6.2.vmbrowser_31bf3856ad364e35_10.0.19041.1_none_9eeb7ab0c5997594\Microsoft.Virtualization.Client.6.2.VMBrowser.dll
[2019-12-07 04:10][2019-12-07 04:28] 000367118 _____ () F02C07D88E3DB3A620FD10A8075C91D1 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\browser.dll
[2023-06-09 23:29][2023-06-09 23:29] 000058932 _____ () 85A08D79B4D065D77836A31CD9C5A86C [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\r\browser.dll
[2022-09-07 22:08][2022-09-07 22:08] 000001320 _____ () 98DA22EDE4F84037D016AE981FF246F0 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\f\browser.dll
[2022-09-07 22:08][2022-09-07 22:08] 000001422 _____ () C3A4FE032DF7F927D557D185AB218A41 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-b..erservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab74d3abeb67235f\browser.dll.mui
[2019-12-07 04:49][2019-12-07 04:49] 000003584 _____ (Microsoft Corporation) 5310A7D4D99DF3EA7A983489DDFE7D61 [File is digitally signed]

C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.2965.1.8\amd64_microsoft-windows-g..rveradmintools-gpme_31bf3856ad364e35_10.0.19041.2913_none_2aaa545e662ba7b2\r\gpregistrybrowser.dll
[2023-05-10 01:14][2023-04-28 00:55] 000010436 _____ () 4FEBE178C044F2D59567EC8960C5B05E [File not signed]

C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.2965.1.8\amd64_microsoft-windows-g..rveradmintools-gpme_31bf3856ad364e35_10.0.19041.2913_none_2aaa545e662ba7b2\f\gpregistrybrowser.dll
[2023-05-10 01:14][2023-04-28 00:55] 000010907 _____ () 3BE93E728FE64A8B96027827AD560C05 [File not signed]

C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.2965.1.8\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\r\browser.dll
[2023-05-10 01:13][2023-04-28 02:40] 000001320 _____ () 98DA22EDE4F84037D016AE981FF246F0 [File not signed]

C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.2965.1.8\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\f\browser.dll
[2023-05-10 01:13][2023-04-28 02:40] 000001422 _____ () 4EAB43BB995C2CFCEBA881C13F69A8C4 [File not signed]


folder:
========
2023-05-26 17:35 - 2023-05-26 17:35 _____ C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlmflgnnmmojlnbmaokpfcjdkhkjbnok

Registry:
========

===================== Search result for "hlmflgnnmmojlnbmaokpfcjdkhkjbnok" ==========


===================== Search result for "browser.dll" ==========


====== End of Search ======
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top