
Malware not found in scan/memory integrity shut off

Anonymous
2023-05-27T21:01:30+00:00

Hi, I'm having two problems and I'm not sure if they are related but any and all help is so appreciated. First, there is malware on my computer. It's not showing up in any scans, and I've tried them all, but it keeps coming back. It started with browser hijacking, then shutting down the browser completely and something that looks like my command prompt pops up but it didn't look quite right and I couldn't use it and then it suddenly disappears as the browser window comes back. I noticed it as an extension on my browser as well, downloading gaudio helped to remove the extension but it still comes back. Like I said I've been scanning my computer and it can't find anything, it's good for a while and then it's there again.

As I was going through all the scans I noticed I can't turn on my memory integrity. I have completed all updates and it found the incompatible driver but I don't see any driver updates.

I don't know what to do other than going back to factory settings. Thanks and have a good day everyone.

Windows for home | Windows 11 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


19 answers

  1. Anonymous
    2023-06-11T23:55:54+00:00

    I followed the instructions, it looks like the fixit log just all became one log.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023

    Ran by rrtk1 (11-06-2023 16:32:42) Run:1

    Running from C:\Users\rrtk1\Downloads

    Loaded Profiles: rrtk1

    Boot Mode: Normal

    ==============================================

    fixlist content:

    *****************

    Start::

    CreateRestorePoint:

    CloseProcesses:

    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION

    Startup: C:\Users\rrtk1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Editor.lnk [2023-04-16]

    Task: {27536CF2-9520-4D30-8C69-8178904301D4} - System32\Tasks\chrome display => C:\WINDOWS\system32\cmd.exe [331776 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> /c powershell -WindowStyle Hidden -E "CgAKAAoAIAAgACQASgBWAGEAcgBfAGcAPQAkAG4AdQBsAGwAOwAKACQAcgBWAEUAUgBfAG0AIAA9ACAAIgAzADcAIgA7AAoACgAKACAAIAAkAHQAeAB0AEUAbgBjAF8AQQBTAEMAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkAOwAKACQAbwBrAD0AJAB0AHIAdQBlAAoAIAAkAEwAbwBjAG (the data entry has 5611 more characters).

    Task: {897D3EDA-BD3B-4058-8874-0506E05FFF49} - System32\Tasks\chrome appearance => C:\WINDOWS\system32\cmd.exe [331776 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> /c powershell -WindowStyle Hidden -E "CgAgACAAIAAgACAACgAJAAoAJABvAGsAPQAkAHQAcgB1AGUACgAgACAAJABwAGEAcgBtAF8AbABvAGMAIAA9ACAAIgBXAHkASQB4AE8ARABrAHgATgBEAEEAeQBNAHoATQB6AE8ARABRADEATQBqAEkAeQBOAHoAVQAyAEkAaQB3AHgATgBqAGcAeABOAGoAZwA0AE4AagBZAHgATABDAEoATwBSAEYAVgA1AFQAVwBwAEoAUgBrAFIAUgBjADAAUgBDAF (the data entry has 5495 more characters).

    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)

    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

    S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

    File: C:\Users\rrtk1\AppData\Roaming\Editor\Editor.exe

    StartPowershell:

    Set-ExecutionPolicy -Scope Process Undefined

    Set-ExecutionPolicy -Scope LocalMachine RemoteSigned

    Get-ExecutionPolicy -List

    C:\Windows\SysWOW64\lodctr.exe /R

    C:\Windows\System32\lodctr.exe /R

    winmgmt.exe /resyncperf

    $Exts = (Get-MpPreference).ExclusionExtension

    Foreach ($Ext in $Exts){ Remove-MpPreference -ExclusionExtension $Ext -EA SilentlyContinue }

    $Paths = (Get-MpPreference).ExclusionPath

    Foreach ($Path in $Paths){ Remove-MpPreference -ExclusionPath $Path -EA SilentlyContinue }

    $Procs = (Get-MpPreference).ExclusionProcess

    Foreach ($Proc in $Procs){ Remove-MpPreference -ExclusionProcess $Proc -EA SilentlyContinue }

    $ThreatIds = (Get-MpPreference).ThreatIDDefaultAction_Ids

    Foreach ($ThreatId in $ThreatIds) { Remove-MpPreference -ThreatIDDefaultAction_Ids $ThreatId -EA SilentlyContinue }

    reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /f

    reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats" /f

    Set-Mppreference -CheckForSignaturesBeforeRunningScan $true -Force

    Set-Mppreference -DisableArchiveScanning $false -Force

    Set-Mppreference -DisableAutoExclusions $true -Force

    Set-Mppreference -DisableBehaviorMonitoring $false -Force

    Set-Mppreference -DisableCatchupFullScan $true -Force

    Set-Mppreference -DisableCatchupQuickScan $true -Force

    Set-Mppreference -DisableIOAVProtection $false -Force

    Set-Mppreference -DisablePrivacyMode $true -Force

    Set-Mppreference -DisableRealtimeMonitoring $false -Force

    Set-Mppreference -DisableRemovableDriveScanning $true -Force

    Set-Mppreference -DisableScanningNetworkFiles $true -Force

    Set-Mppreference -MAPSReporting basic -Force

    Set-Mppreference -PUAProtection enabled -Force

    Set-Mppreference -QuarantinePurgeItemsAfterDelay 90 -Force

    Set-Mppreference -ScanPurgeItemsAfterDelay 30 -Force

    Set-Mppreference -ScanScheduleQuickScanTime "02:00:00" -Force

    Set-Mppreference -ScanScheduleTime "02:00:00" -Force

    Set-Mppreference -SignatureAuGracePeriod 0 -Force

    Set-Mppreference -SignatureDisableUpdateOnStartupWithoutEngine $false -Force

    Set-Mppreference -SignatureFallbackOrder "MicrosoftUpdateServer|MMPC" -Force

    Set-Mppreference -SignatureScheduleDay Everyday -Force

    Set-Mppreference -SignatureUpdateCatchupInterval 1 -Force

    Set-Mppreference -SignatureUpdateInterval 6 -Force

    Set-Mppreference -UILockdown 0 -Force

    Remove-Mppreference -ProxyBypass -Force

    Remove-Mppreference -ProxyPacUrl -Force

    Remove-Mppreference -ProxyServer -Force

    Remove-Mppreference -SharedSignaturesPath -Force

    Remove-Mppreference -SignatureAuGracePeriod -Force

    Remove-Mppreference -SignatureBlobFileSharesSources -Force

    Remove-Mppreference -SignatureDefinitionUpdateFileSharesSources -Force

    Set-Service -Name "BITS" -StartupType Manual -Verbose

    Set-Service -Name "Dhcp" -StartupType Automatic -Verbose

    Set-Service -Name "EventLog" -StartupType Automatic -Verbose

    Set-Service -Name "EventSystem" -StartupType Automatic -Verbose

    Set-Service -Name "nsi" -StartupType Automatic -Verbose

    Set-Service -Name "RasMan" -StartupType Manual -Verbose

    Set-Service -Name "SDRSVC" -StartupType Manual -Verbose

    Set-Service -Name "SstpSvc" -StartupType Manual -Verbose

    Set-Service -Name "TrustedInstaller" -StartupType Manual -Verbose

    Set-Service -Name "VSS" -StartupType Manual -Verbose

    Set-Service -Name "Winmgmt" -StartupType Automatic -Verbose

    Set-Service -Name "wuauserv" -StartupType Manual -Verbose

    Get-MpPreference | fl

    Get-MpComputerStatus | fl

    gsv dosvc, mpssvc, SecurityHealthService, WinDefend, winmgmt, wscsvc, wuauserv | ft -auto Name, DisplayName, StartType, Status

    EndPowershell:

    cmd: pnputil.exe /delete-driver oem35.inf /uninstall /force

    CMD: bitsadmin /reset /allusers

    EmptyTemp:

    End::

    *****************

    Restore point was successfully created.

    Processes closed successfully.

    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully

    C:\Users\rrtk1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Editor.lnk => moved successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{27536CF2-9520-4D30-8C69-8178904301D4}" => removed successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{27536CF2-9520-4D30-8C69-8178904301D4}" => removed successfully

    C:\WINDOWS\System32\Tasks\chrome display => moved successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\chrome display" => removed successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{897D3EDA-BD3B-4058-8874-0506E05FFF49}" => removed successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{897D3EDA-BD3B-4058-8874-0506E05FFF49}" => removed successfully

    C:\WINDOWS\System32\Tasks\chrome appearance => moved successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\chrome appearance" => removed successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully

    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully

    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully

    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully

    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully

    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully

    "HKLM\System\CurrentControlSet\Services\DBUtilDrv2" => removed successfully

    DBUtilDrv2 => service removed successfully

    HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully

    WinSetupMon => service removed successfully

    ========================= File: C:\Users\rrtk1\AppData\Roaming\Editor\Editor.exe ========================

    C:\Users\rrtk1\AppData\Roaming\Editor\Editor.exe

    File not signed

    MD5: B25F2368A855118AA6ED83CABE5A3B36

    Creation and modification date: 2023-03-30 08:01 - 2023-03-30 08:01

    Size: 034035200

    Attributes: ----A

    Company Name: NodeGui

    Internal Name: qode

    Original Name: qode.exe

    Product: Qode

    Description: Qode.js JavaScript Runtime for Qt

    File Version: 16.4.0

    Product Version: 16.4.0

    Copyright: Copyright Atul R and NodeGui contributors. MIT license.

    VirusTotal: https://www.virustotal.com/gui/file/b79f3f48bd97b1a4b957642a78af1d4515689825fd6ed9b57dc49040d72c0431/detection/f-b79f3f48bd97b1a4b957642a78af1d4515689825fd6ed9b57dc49040d72c0431-1686335035

    ====== End of File: ======

    ========= Powershell: =========

    Scope ExecutionPolicy

    ----- ---------------

    MachinePolicy Undefined

    UserPolicy Undefined

    Process Undefined

    CurrentUser Undefined

    LocalMachine RemoteSigned

    Info: Successfully rebuilt performance counter setting from system backup store

    Info: Successfully rebuilt performance counter setting from system backup store

    AllowDatagramProcessingOnWinServer : False

    AllowNetworkProtectionDownLevel : False

    AllowNetworkProtectionOnWinServer : False

    AllowSwitchToAsyncInspection : False

    AttackSurfaceReductionOnlyExclusions :

    AttackSurfaceReductionRules_Actions :

    AttackSurfaceReductionRules_Ids :

    AttackSurfaceReductionRules_RuleSpecificExclusions :

    AttackSurfaceReductionRules_RuleSpecificExclusions_Id :

    CheckForSignaturesBeforeRunningScan : True

    CloudBlockLevel : 0

    CloudExtendedTimeout : 0

    ComputerID : 6F8BDC78-A603-4D10-9D59-AD0D0AE550B9

    ControlledFolderAccessAllowedApplications : {C:\Program Files\WindowsApps\Microsoft.Paint_11.2302.18.0_x64_ _8wekyb3d8bbwe\PaintApp\mspaint.exe}

    ControlledFolderAccessProtectedFolders :

    DefinitionUpdatesChannel : 0

    DisableArchiveScanning : False

    DisableAutoExclusions : True

    DisableBehaviorMonitoring : False

    DisableBlockAtFirstSeen : False

    DisableCacheMaintenance : False

    DisableCatchupFullScan : True

    DisableCatchupQuickScan : True

    DisableCpuThrottleOnIdleScans : True

    DisableDatagramProcessing : False

    DisableDnsOverTcpParsing : False

    DisableDnsParsing : False

    DisableEmailScanning : True

    DisableFtpParsing : False

    DisableGradualRelease : False

    DisableHttpParsing : False

    DisableInboundConnectionFiltering : False

    DisableIOAVProtection : False

    DisableNetworkProtectionPerfTelemetry : False

    DisablePrivacyMode : True

    DisableRdpParsing : False

    DisableRealtimeMonitoring : False

    DisableRemovableDriveScanning : True

    DisableRestorePoint : True

    DisableScanningMappedNetworkDrivesForFullScan : True

    DisableScanningNetworkFiles : True

    DisableScriptScanning : False

    DisableSmtpParsing : False

    DisableSshParsing : False

    DisableTlsParsing : False

    EnableControlledFolderAccess : 1

    EnableDnsSinkhole : True

    EnableFileHashComputation : False

    EnableFullScanOnBatteryPower : False

    EnableLowCpuPriority : False

    EnableNetworkProtection : 0

    EngineUpdatesChannel : 0

    ExclusionExtension :

    ExclusionIpAddress :

    ExclusionPath :

    ExclusionProcess :

    ForceUseProxyOnly : False

    HighThreatDefaultAction : 0

    IntelTDTEnabled :

    LowThreatDefaultAction : 0

    MAPSReporting : 1

    MeteredConnectionUpdates : False

    ModerateThreatDefaultAction : 0

    OobeEnableRtpAndSigUpdate : False

    PlatformUpdatesChannel : 0

    ProxyBypass :

    ProxyPacUrl :

    ProxyServer :

    PUAProtection : 1

    QuarantinePurgeItemsAfterDelay : 90

    RandomizeScheduleTaskTimes : True

    RealTimeScanDirection : 0

    RemediationScheduleDay : 0

    RemediationScheduleTime : 02:00:00

    ReportDynamicSignatureDroppedEvent : False

    ReportingAdditionalActionTimeOut : 10080

    ReportingCriticalFailureTimeOut : 10080

    ReportingNonCriticalTimeOut : 1440

    ScanAvgCPULoadFactor : 50

    ScanOnlyIfIdleEnabled : True

    ScanParameters : 1

    ScanPurgeItemsAfterDelay : 30

    ScanScheduleDay : 0

    ScanScheduleOffset : 120

    ScanScheduleQuickScanTime : 02:00:00

    ScanScheduleTime : 02:00:00

    SchedulerRandomizationTime : 4

    ServiceHealthReportInterval : 60

    SevereThreatDefaultAction : 0

    SharedSignaturesPath :

    SignatureAuGracePeriod : 0

    SignatureBlobFileSharesSources :

    SignatureBlobUpdateInterval : 60

    SignatureDefinitionUpdateFileSharesSources :

    SignatureDisableUpdateOnStartupWithoutEngine : False

    SignatureFallbackOrder : MicrosoftUpdateServer|MMPC

    SignatureFirstAuGracePeriod : 120

    SignatureScheduleDay : 0

    SignatureScheduleTime : 01:45:00

    SignatureUpdateCatchupInterval : 1

    SignatureUpdateInterval : 6

    SubmitSamplesConsent : 1

    ThreatIDDefaultAction_Actions :

    ThreatIDDefaultAction_Ids :

    ThrottleForScheduledScanOnly : True

    TrustLabelProtectionStatus : 0

    UILockdown : False

    UnknownThreatDefaultAction : 0

    PSComputerName :

    AMEngineVersion : 1.1.23050.3

    AMProductVersion : 4.18.23050.3

    AMRunningMode : Normal

    AMServiceEnabled : True

    AMServiceVersion : 4.18.23050.3

    AntispywareEnabled : True

    AntispywareSignatureAge : 0

    AntispywareSignatureLastUpdated : 6/11/2023 4:14:21 AM

    AntispywareSignatureVersion : 1.391.1131.0

    AntivirusEnabled : True

    AntivirusSignatureAge : 0

    AntivirusSignatureLastUpdated : 6/11/2023 4:14:20 AM

    AntivirusSignatureVersion : 1.391.1131.0

    BehaviorMonitorEnabled : True

    ComputerID : 6F8BDC78-A603-4D10-9D59-AD0D0AE550B9

    ComputerState : 0

    DefenderSignaturesOutOfDate : False

    DeviceControlDefaultEnforcement : Default Allow

    DeviceControlPoliciesLastUpdated : 3/27/2023 8:41:26 AM

    DeviceControlState : Disabled

    FullScanAge : 28

    FullScanEndTime : 5/13/2023 7:28:09 PM

    FullScanOverdue : False

    FullScanRequired : False

    FullScanSignatureVersion : 1.389.1198.0

    FullScanStartTime : 5/13/2023 5:51:46 PM

    IoavProtectionEnabled : True

    IsTamperProtected : True

    IsVirtualMachine : False

    LastFullScanSource : 1

    LastQuickScanSource : 2

    NISEnabled : True

    NISEngineVersion : 1.1.23050.3

    NISSignatureAge : 0

    NISSignatureLastUpdated : 6/11/2023 4:14:20 AM

    NISSignatureVersion : 1.391.1131.0

    OnAccessProtectionEnabled : True

    ProductStatus : 524288

    QuickScanAge : 4

    QuickScanEndTime : 6/6/2023 11:42:15 PM

    QuickScanOverdue : False

    QuickScanSignatureVersion : 1.391.680.0

    QuickScanStartTime : 6/6/2023 11:24:49 PM

    RealTimeProtectionEnabled : True

    RealTimeScanDirection : 0

    RebootRequired : False

    SmartAppControlExpiration :

    SmartAppControlState : Off

    TamperProtectionSource : Signatures

    TDTMode : N/A

    TDTSiloType : S

    TDTStatus : Disabled

    TDTTelemetry : Disabled

    TroubleShootingDailyMaxQuota :

    TroubleShootingDailyQuotaLeft :

    TroubleShootingEndTime :

    TroubleShootingExpirationLeft :

    TroubleShootingMode :

    TroubleShootingModeSource :

    TroubleShootingQuotaResetTime :

    TroubleShootingStartTime :

    PSComputerName :

    Name DisplayName StartType Status

    ---- ----------- --------- ------

    dosvc Delivery Optimization Automatic Running

    mpssvc Windows Defender Firewall Automatic Running

    SecurityHealthService Windows Security Service Manual Running

    WinDefend Microsoft Defender Antivirus Service Automatic Running

    winmgmt Windows Management Instrumentation Automatic Running

    wscsvc Security Center Automatic Running

    wuauserv Windows Update Manual Running

    ========= End of Powershell: =========

    ========= pnputil.exe /delete-driver oem35.inf /uninstall /force =========

    Microsoft PnP Utility

    Driver package uninstalled.

    Driver package deleted successfully.

    ========= End of CMD: =========

    ========= bitsadmin /reset /allusers =========

    BITSADMIN version 3.0

    BITS administration utility.

    (C) Copyright Microsoft Corp.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========

    =========== EmptyTemp: ==========

    FlushDNS => completed

    BITS transfer queue => 0 B

    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 158923751 B

    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B

    Windows/system/drivers => 1031640 B

    Edge => 162691 B

    Chrome => 506642545 B

    Firefox => 0 B

    Opera => 0 B

    Temp, IE cache, history, cookies, recent:

    Default => 0 B

    ProgramData => 0 B

    Public => 0 B

    systemprofile => 94046 B

    systemprofile32 => 94046 B

    LocalService => 94046 B

    NetworkService => 390362688 B

    rrtk1 => 499546961 B

    RecycleBin => 0 B

    EmptyTemp: => 1.5 GB temporary data Removed.

    ================================

    The system needed a reboot.

    ==== End of Fixlog 16:36:32 ====

  2. _AW_ 67,206 Reputation points Volunteer Moderator
    2023-06-11T22:58:20+00:00

    Download the following Fixlist to the folder FRST is in.

    Run FRST and press Fix.

    Please post the resulting Fixlog.

    https://1drv.ms/t/s!AqQnVFhmcB_wmm9VIhz8L9w36c8s?e=dfbZuA

  3. Anonymous
    2023-06-11T18:11:46+00:00

    And then here is the additional log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023

    Ran by rrtk1 (11-06-2023 11:00:14)

    Running from C:\Users\rrtk1\Downloads

    Microsoft Windows 11 Home Version 21H2 22000.2003 (X64) (2021-11-07 19:12:53)

    Boot Mode: Normal

    ==========================================================

    ==================== Accounts: =============================

    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-1652131316-3089940887-153183512-500 - Administrator - Disabled)

    DefaultAccount (S-1-5-21-1652131316-3089940887-153183512-503 - Limited - Disabled)

    Guest (S-1-5-21-1652131316-3089940887-153183512-501 - Limited - Disabled)

    rrtk1 (S-1-5-21-1652131316-3089940887-153183512-1001 - Administrator - Enabled) => C:\Users\rrtk1

    WDAGUtilityAccount (S-1-5-21-1652131316-3089940887-153183512-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Cisco Webex Meetings (HKU\S-1-5-21-1652131316-3089940887-153183512-1001...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)

    Dell SupportAssist (HKLM...{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)

    Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM...{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden

    Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32...{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.)

    Dell SupportAssist Remediation (HKLM...{0ACC4393-7CDB-4512-800B-0404A9DF75E6}) (Version: 5.5.6.18729 - Dell Inc.) Hidden

    Dell SupportAssist Remediation (HKLM-x32...{3238f3fe-4c2d-4438-8bfd-e6bb87adb36e}) (Version: 5.5.6.18729 - Dell Inc.)

    Dynamic Application Loader Host Interface Service (HKLM...{9DE7A0A5-C13D-4FDD-B78B-53C744C82F1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden

    Google Chrome (HKLM-x32...\Google Chrome) (Version: 114.0.5735.110 - Google LLC)

    Intel(R) Icls (HKLM...{AE33809B-734E-4A79-BBDC-0DDE03950065}) (Version: 1.0.0.0 - Intel Corporation) Hidden

    Intel(R) LMS (HKLM...{4479B4B8-D77B-474A-ABC5-1E5A4356F7DE}) (Version: 1.0.0.0 - Intel Corporation) Hidden

    Intel(R) Management Engine Components (HKLM...{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden

    Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)

    Intel(R) Management Engine Driver (HKLM...{F0A3D842-E346-45C5-9546-90FEFD477F6E}) (Version: 1.0.0.0 - Intel Corporation) Hidden

    Intel(R) Serial IO (HKLM...{06534C2E-CDD8-440B-A370-13E2E1C45FDC}) (Version: 30.100.2020.7 - Intel Corporation) Hidden

    Intel(R) Serial IO (HKLM...{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)

    Intel(R) Trusted Connect Service Client x64 (HKLM...{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.57.263.0 - Intel Corporation) Hidden

    Intel(R) Trusted Connect Service Client x86 (HKLM-x32...{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.57.263.0 - Intel Corporation) Hidden

    Intel(R) Trusted Connect Services Client (HKLM-x32...{cca61e5e-7498-4d07-925c-194b016c272e}) (Version: 1.57.263.0 - Intel Corporation) Hidden

    Microsoft .NET Host - 5.0.17 (x64) (HKLM...{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden

    Microsoft .NET Host - 6.0.16 (x64) (HKLM...{1D0AC7F1-2B34-44AF-91F6-88757D768DA7}) (Version: 48.67.58427 - Microsoft Corporation) Hidden

    Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM...{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden

    Microsoft .NET Host FX Resolver - 6.0.16 (x64) (HKLM...{B8537ACA-B210-4DF5-B928-E41CEB76723D}) (Version: 48.67.58427 - Microsoft Corporation) Hidden

    Microsoft .NET Runtime - 5.0.17 (x64) (HKLM...{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden

    Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32...{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)

    Microsoft .NET Runtime - 6.0.16 (x64) (HKLM...{C71E93D2-B8B4-4858-B2A1-4C967DBC1C5F}) (Version: 48.67.58427 - Microsoft Corporation) Hidden

    Microsoft .NET Runtime - 6.0.16 (x64) (HKLM-x32...{2a8d0f2b-911b-4b58-8252-46b29e7a4590}) (Version: 6.0.16.32323 - Microsoft Corporation)

    Microsoft 365 Apps for enterprise - en-us (HKLM...\O365ProPlusRetail - en-us) (Version: 16.0.16327.20248 - Microsoft Corporation)

    Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)

    Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)

    Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 23.107.0521.0001 - Microsoft Corporation)

    Microsoft Teams (HKU\S-1-5-21-1652131316-3089940887-153183512-1001...\Teams) (Version: 1.3.00.4461 - Microsoft Corporation)

    Microsoft Update Health Tools (HKLM...{D98EA283-A784-4037-BD51-739D87BFF693}) (Version: 4.73.0.0 - Microsoft Corporation)

    Microsoft VC++ redistributables repacked. (HKLM...{7D140DB0-C575-4220-958F-F6E5343EC20F}) (Version: 12.0.0.0 - Intel Corporation) Hidden

    Microsoft VC++ redistributables repacked. (HKLM-x32...{5C0751B8-ED8A-4B82-AF0E-61850AC64F5C}) (Version: 12.0.0.0 - Intel Corporation) Hidden

    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32...{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

    Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM...{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM...{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden

    Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden

    Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20248 - Microsoft Corporation) Hidden

    Office 16 Click-to-Run Localization Component (HKLM...{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

    OptaneDowngradeGuard (HKLM...{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden

    Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32...{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10531 - Qualcomm)

    Realtek Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9228.1 - Realtek Semiconductor Corp.)

    RstDowngradeGuard (HKLM...{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden

    Teams Machine-Wide Installer (HKLM-x32...{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.4461 - Microsoft Corporation)

    Windows 10 Update Assistant (HKLM-x32...{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23072 - Microsoft Corporation)

    Windows PC Health Check (HKLM...{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)

    Zoom (HKU\S-1-5-21-1652131316-3089940887-153183512-1001...\ZoomUMX) (Version: 5.11.1 (6602) - Zoom Video Communications, Inc.)

    Packages:

    =========

    3D Chess Game -> C:\Program Files\WindowsApps\ATrillionGamesLtd.3DChessMaster_3.4.1.0_x64__2cw2yhd8jafk0 [2022-07-13] (A Trillion Games Ltd) [MS Ad]

    Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2020-06-03] (Adobe Systems Incorporated)

    Alchemy 10 -> C:\Program Files\WindowsApps\Sphereline.Alchymie_4.6.8.0_x64__h32hfbwwg6fcm [2023-05-07] (Sphereline) [MS Ad]

    Checkers Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.CheckersDeluxe_3.1.10.0_x64__kx24dqmazqk8j [2023-05-07] (Random Salad Games LLC) [MS Ad]

    Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2023-05-01] (Dell Inc)

    Fireboy and Watergirl: Elements -> C:\Program Files\WindowsApps\43634OsloAlbet.FireboyWatergirlElements_1.1.0.0_x64__s67szd2nzt0q8 [2022-07-13] (Oslo Albet)

    Grammarly for Microsoft Edge -> C:\Program Files\WindowsApps\Grammarly.GrammarlyforMicrosoftEdge_1.121.2317.0_neutral__zee0y2571dhse [2020-09-17] (Grammarly)

    Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt [2023-05-28] (INTEL CORP) [Startup Task]

    Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-05-28] (INTEL CORP)

    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-07] (Microsoft Corporation) [MS Ad]

    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-07] (Microsoft Corporation) [MS Ad]

    Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_2.6.4281.0_x86__8wekyb3d8bbwe [2023-05-09] (Microsoft Studios) [MS Ad]

    Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.3.4201.0_x64__8wekyb3d8bbwe [2023-05-07] (Microsoft Studios) [MS Ad]

    Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.8.10203.0_x64__8wekyb3d8bbwe [2023-05-07] (Microsoft Studios) [MS Ad]

    Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.97.61391.0_x64__8wekyb3d8bbwe [2023-05-30] (Microsoft Corporation) [Startup Task]

    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-17] (Microsoft Corporation)

    Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.578.564.0_x86__55nm5eh3cm0pr [2023-06-03] (ROBLOX Corporation)

    Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2020-05-28] (Samsung Electronics Co. Ltd.)

    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0 [2023-05-28] (Spotify AB) [Startup Task]

    Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2023-05-08] (Waves Audio)

    WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)

    WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1652131316-3089940887-153183512-1001_Classes\CLSID{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\rrtk1\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)

    CustomCLSID: HKU\S-1-5-21-1652131316-3089940887-153183512-1001_Classes\CLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\rrtk1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

    CustomCLSID: HKU\S-1-5-21-1652131316-3089940887-153183512-1001_Classes\CLSID{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\rrtk1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

    CustomCLSID: HKU\S-1-5-21-1652131316-3089940887-153183512-1001_Classes\CLSID{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\rrtk1\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )

    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )

    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2023-03-30 08:01 - 2023-03-30 08:01 - 004918784 _____ () [File not signed] \?\C:\Users\rrtk1\AppData\Roaming\Editor\dist\nodegui_core-f97de37a48963fe8590eb2e16799ab3c.node

    2020-05-28 15:36 - 2020-05-28 15:36 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll

    2020-05-28 15:36 - 2020-05-28 15:36 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll

    2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll

    2020-11-11 20:57 - 2020-11-11 20:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll

    2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll

    2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll

    2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll

    2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll

    2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-03] (Microsoft Corporation -> Microsoft Corporation)

    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)

    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-09-15 00:31 - 2018-09-15 00:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2020-10-03 19:06 - 2020-10-03 19:11 - 000000441 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1652131316-3089940887-153183512-1001\Control Panel\Desktop\Wallpaper -> C:\Users\rrtk1\OneDrive\Pictures\Saved Pictures\blue.jpg

    DNS Servers: 192.168.1.1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKU\S-1-5-21-1652131316-3089940887-153183512-1001...\StartupApproved\Run: => "Spotify"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{38ECA368-3C90-4E5F-83A2-CD646C7CAA9A}] => (Allow) C:\Users\rrtk1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    FirewallRules: [{CA0F7365-00AC-47AD-A1BF-6680005AE3B4}] => (Allow) C:\Users\rrtk1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    FirewallRules: [{139332D9-C520-4E88-97CC-F7E4FE5EB942}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

    FirewallRules: [{419E5E8F-0C36-4879-936E-0B1DE19EF611}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

    FirewallRules: [{F3B23C80-7736-4FD1-9FC3-E3B216F0011A}] => (Allow) C:\Users\rrtk1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    FirewallRules: [{C9918D00-A4A6-4A27-A655-5EE0BA808566}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

    FirewallRules: [{4249F8ED-AAA7-45DF-8066-B51CE57EE960}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

    FirewallRules: [{6FE9C236-B40B-432E-8F34-A331331E8E52}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

    FirewallRules: [{C16358DF-C339-477A-893E-2D6E735D85D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{A81E3FBC-22E4-4815-A34E-0D3F9555ACBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{11B6756F-3F97-47B4-BEF2-535258F25F7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{82EB1E7F-62C5-4A22-9ED4-6933D14AAC0A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{DDB6404A-8EC0-4899-A037-4F2DB2E67D39}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{5877D2A3-4D08-4A0A-9C15-E28E2DFD0BE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{5C9EDA3F-9648-4D88-94F1-2D0DC5FE929A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{D7B7CE6A-7B32-4FE9-8B21-7C40B4BA2189}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{26C84C63-00E1-4689-887A-6BB933BBFF77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{89678681-3D84-4598-BC66-333BED08E655}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{114C597B-023D-4144-A3A4-0DECE0265F17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [{59FB3D69-2B0C-450B-94E4-EC069B74BD28}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

    FirewallRules: [{9B790FAC-7C1C-42AF-86A9-672A216AC131}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

    FirewallRules: [{1FB4E498-71EA-4F56-9519-5FFC9C6DABF0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

    FirewallRules: [{901ADE04-08A3-4F2A-8F47-9D556E1BCC35}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

    FirewallRules: [{39D99E24-E58A-42B7-9E93-FBC72E6DB20B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{FAA3683C-8B32-44EB-975C-C92B414E5449}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{F6234690-47AC-494A-ACD6-50489C57582D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{BDCCC1EA-62D9-49BB-BBC9-919CE7BA8C61}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{1B20B164-F8CC-4316-90D1-0090208E055B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{67C478D9-EB01-4710-B43C-3F543C926C35}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{6569EBC7-BB07-4D67-A673-DA2BD4F7A77C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{63865E1B-705C-4DEB-AC0C-D2CBB4946E43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{7AAC1478-F2A6-4705-9295-84B0951FD5C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{C57BDEC9-3FB5-42B1-A4F9-2105F006BBE8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

    FirewallRules: [{8D935561-B0B0-48A4-8B6B-C9259DACD14C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    FirewallRules: [{209EE6AA-0B89-463E-9C4E-C0B48ABDEA32}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

    FirewallRules: [{2331672B-5BB8-406D-A1F7-F301533CF76C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    05-06-2023 15:24:01 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============

    Name: Microsoft Wi-Fi Direct Virtual Adapter #8

    Description: Microsoft Wi-Fi Direct Virtual Adapter

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: vwifimp

    Problem: : This device cannot start. (Code10)

    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: ========================

    Application errors:

    ==================

    Error: (06/11/2023 02:18:13 AM) (Source: VSS) (EventID: 8194) (User: )

    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

    .

    This is often caused by incorrect security settings in either the writer or requestor process.

    Operation:

    Gathering Writer Data

    Context:

    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

    Writer Name: System Writer

    Writer Instance ID: {a5003df0-2da4-4229-b2b1-ff393a86d8e9}

    Error: (06/11/2023 12:25:47 AM) (Source: VSS) (EventID: 8194) (User: )

    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0

  4. Anonymous
    2023-06-11T18:10:26+00:00

    I reset Chrome but the extension came back. I followed your instructions for FRST. The logs are pretty short so I'll just post them in the reply. This is the FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023

    Ran by rrtk1 (administrator) on LAPTOP-RACHEL (Dell Inc. Inspiron 5481) (11-06-2023 10:56:33)

    Running from C:\Users\rrtk1\Downloads\FRST64.exe

    Loaded Profiles: rrtk1

    Platform: Microsoft Windows 11 Home Version 21H2 22000.2003 (X64) Language: English (United States)

    Default browser: Chrome

    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe

    (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe

    (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe

    (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe

    (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe

    (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe

    (DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe

    (explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\rrtk1\AppData\Local\WebEx\ciscowebexstart.exe

    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe

    (explorer.exe ->) (NodeGui) [File not signed] C:\Users\rrtk1\AppData\Roaming\Editor\Editor.exe

    (explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77de.inf_amd64_9220aa0f9500a019\WavesSvc64.exe

    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <54>

    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe

    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe

    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileCoAuth.exe

    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.107.0521.0001\Microsoft.SharePoint.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <2>

    (services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe

    (services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe

    (services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

    (services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe

    (services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe

    (services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe

    (services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe

    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe

    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe

    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHDCPSvc.exe

    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4de65d949492707a\IntelCpHeciSvc.exe

    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe

    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe

    (services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\SocketHeciServer.exe

    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe

    (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe

    (services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe

    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncHelper.exe

    (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe

    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe

    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe

    (services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe

    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe <3>

    (services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe

    (services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77de.inf_amd64_9220aa0f9500a019\WavesSysSvc64.exe

    (sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe

    (svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.212.902.0_x86__zpdnekdrzrea0\SpotifyWidgetProvider.exe

    (svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt\IGCC.exe

    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe

    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe

    (svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.11600.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe

    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe

    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>

    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe [1343072 2021-08-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

    HKLM...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77de.inf_amd64_9220aa0f9500a019\WavesSvc64.exe [1570400 2019-09-19] (Waves Inc -> Waves Audio Ltd.)

    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION

    HKU\S-1-5-21-1652131316-3089940887-153183512-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2605488 2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    HKU\S-1-5-21-1652131316-3089940887-153183512-1001...\Run: [CiscoMeetingDaemon] => C:\Users\rrtk1\AppData\Local\WebEx\ciscowebexstart.exe [4703056 2021-10-22] (Cisco WebEx LLC -> Cisco Webex LLC)

    HKLM...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )

    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-05] (Google LLC -> Google LLC)

    HKLM\Software...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

    Startup: C:\Users\rrtk1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Editor.lnk [2023-04-16]

    ShortcutTarget: Editor.lnk -> C:\Users\rrtk1\AppData\Roaming\Editor\Editor.exe (NodeGui) [File not signed] <==== ATTENTION

    Startup: C:\Users\rrtk1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-02-22]

    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1B5C4D87-38C8-4561-887A-FDDEC25A1C23} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1652131316-3089940887-153183512-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4147632 2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    Task: {1CE9AC5A-C174-4B98-B2A7-9F8F7E449AA8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

    Task: {1F79DDB0-25C7-4B90-A65D-11A70F29FE46} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2023-05-07] (Microsoft Corporation -> Microsoft Corporation)

    Task: {27536CF2-9520-4D30-8C69-8178904301D4} - System32\Tasks\chrome display => C:\WINDOWS\system32\cmd.exe [331776 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> /c powershell -WindowStyle Hidden -E "CgAKAAoAIAAgACQASgBWAGEAcgBfAGcAPQAkAG4AdQBsAGwAOwAKACQAcgBWAEUAUgBfAG0AIAA9ACAAIgAzADcAIgA7AAoACgAKACAAIAAkAHQAeAB0AEUAbgBjAF8AQQBTAEMAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkAOwAKACQAbwBrAD0AJAB0AHIAdQBlAAoAIAAkAEwAbwBjAG (the data entry has 5611 more characters). <==== ATTENTION

    Task: {3CD0220F-FD1F-4410-9C91-40BE9EFA5B67} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-13] (Microsoft Corporation -> Microsoft Corporation)

    Task: {435DA7BC-2F49-441A-A353-EFF1409FBF21} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.)

    Task: {43A2D12B-5FA9-44A8-9DA8-C073061C00D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-13] (Microsoft Corporation -> Microsoft Corporation)

    Task: {670EE7C6-C90F-42B5-8871-2F2C4483FC24} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4147632 2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    Task: {692DBECA-CF90-410D-B8FC-5E4EE5E392BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-28] (Google LLC -> Google LLC)

    Task: {897D3EDA-BD3B-4058-8874-0506E05FFF49} - System32\Tasks\chrome appearance => C:\WINDOWS\system32\cmd.exe [331776 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> /c powershell -WindowStyle Hidden -E "CgAgACAAIAAgACAACgAJAAoAJABvAGsAPQAkAHQAcgB1AGUACgAgACAAJABwAGEAcgBtAF8AbABvAGMAIAA9ACAAIgBXAHkASQB4AE8ARABrAHgATgBEAEEAeQBNAHoATQB6AE8ARABRADEATQBqAEkAeQBOAHoAVQAyAEkAaQB3AHgATgBqAGcAeABOAGoAZwA0AE4AagBZAHgATABDAEoATwBSAEYAVgA1AFQAVwBwAEoAUgBrAFIAUgBjADAAUgBDAF (the data entry has 5495 more characters). <==== ATTENTION

    Task: {89D2891E-A3A2-4A54-94E0-85BCECE68800} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-28] (Google LLC -> Google LLC)

    Task: {8DBFB357-CBFA-4678-AB07-3D79ACE884AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

    Task: {C0789CA3-2CC5-47AB-A922-E9C27FDE9205} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-13] (Microsoft Corporation -> Microsoft Corporation)

    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)

    Task: {D3139C9C-A25E-4143-AB9F-C9CECCCD7794} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

    Task: {E345D276-E263-4B44-BC36-2E76A2AD8D55} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-13] (Microsoft Corporation -> Microsoft Corporation)

    Task: {E59734B2-8441-4143-A6D0-8C89C7E4E0E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    Tcpip\..\Interfaces\{91efaed7-5c72-4846-b01c-215f1ac9f3e5}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Tcpip\..\Interfaces\{cd0246d9-857a-455c-b1c3-9688089e623b}: [DhcpNameServer] 192.168.1.1

    Tcpip\..\Interfaces\{d4713b6a-4bbb-4322-904f-5bd5c30fc9c2}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Edge:

    =======

    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

    Edge Extension: (Grammarly for Microsoft Edge) -> EdgeExtension_GrammarlyGrammarlyforMicrosoftEdge_zee0y2571dhse => C:\Program Files\WindowsApps\Grammarly.GrammarlyforMicrosoftEdge_1.121.2317.0_neutral__zee0y2571dhse [2020-09-17]

    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

    Edge DefaultProfile: Default

    Edge Profile: C:\Users\rrtk1\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-28]

    Edge Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\rrtk1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-04-26]

    Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\rrtk1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2023-05-14]

    Edge Extension: (Edge relevant text changes) - C:\Users\rrtk1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-26]

    Edge Profile: C:\Users\rrtk1\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2022-12-14]

    FireFox:

    ========

    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:

    =======

    CHR DefaultProfile: Default

    CHR Profile: C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default [2023-06-11]

    CHR Extension: (PDF to Image Converter - Smallpdf.com) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjphgkjkhhifnbgjbebfjombdagokn [2020-05-28]

    CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2023-06-06]

    CHR Extension: ( Colorful Galaxy) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaabbbedehhbogefnfdakijemlefkkeh [2023-04-23]

    CHR Extension: (Google Docs Offline) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-06]

    CHR Extension: (Guardio Protection for Chrome) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2023-04-23]

    CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-06-06]

    CHR Extension: (Word to PDF - Smallpdf.com) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkpncleclnaihjlknbcpbjpanihohdh [2020-05-28]

    CHR Extension: (Chrome Web Store Payments) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

    CHR Extension: (Audio Converter) - C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2020-05-28]

    CHR Profile: C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-02-27]

    CHR Profile: C:\Users\rrtk1\AppData\Local\Google\Chrome\User Data\System Profile [2022-02-02]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749376 2023-05-13] (Microsoft Corporation -> Microsoft Corporation)

    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)

    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)

    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)

    R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-04-11] (Dell Inc -> Dell INC.)

    R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-01-19] (Dell Inc -> )

    R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)

    R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncHelper.exe [3445672 2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.107.0521.0001\OneDriveUpdaterService.exe [3781512 2023-06-02] (Microsoft Corporation -> Microsoft Corporation)

    R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188728 2022-01-24] (Qualcomm Atheros, Inc. -> )

    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)

    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]

    S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)

    R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)

    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)

    U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103656 2021-06-05] (Microsoft Windows -> Microsoft Corporation)

    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498984 2023-05-31] (Microsoft Windows -> Microsoft Corporation)

    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-31] (Microsoft Windows -> Microsoft Corporation)

    S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-06-11 10:56 - 2023-06-11 10:58 - 000023738 _____ C:\Users\rrtk1\Downloads\FRST.txt

    2023-06-11 10:55 - 2023-06-11 10:57 - 000000000 ____D C:\FRST

    2023-06-11 10:53 - 2023-06-11 10:53 - 002383360 _____ (Farbar) C:\Users\rrtk1\Downloads\FRST64.exe

    2023-06-02 23:57 - 2023-06-02 23:57 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task

    2023-06-02 23:57 - 2023-06-02 23:57 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

    2023-05-28 11:22 - 2023-05-28 11:22 - 000000000 ___HD C:\$WinREAgent

    2023-05-14 12:25 - 2023-05-14 12:25 - 000000000 ____D C:\Users\rrtk1\AppData\Roaming\Microsoft\MMC

    2023-05-13 18:05 - 2023-06-06 19:35 - 108527616 _____ C:\WINDOWS\system32\config\SOFTWARE

    2023-05-13 17:47 - 2023-05-13 18:05 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware

    2023-05-13 17:33 - 2019-04-24 22:32 - 000299392 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\IntcAudioBus.sys

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-06-11 10:58 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\AppReadiness

    2023-06-11 10:56 - 2020-05-28 15:16 - 000000000 ____D C:\Program Files (x86)\Google

    2023-06-11 10:55 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SystemTemp

    2023-06-11 10:54 - 2021-06-05 05:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

    2023-06-11 10:45 - 2021-11-07 11:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

    2023-06-11 10:22 - 2021-06-05 05:10 - 000000000 ___HD C:\Program Files\WindowsApps

    2023-06-11 10:15 - 2021-06-05 05:09 - 000000000 ____D C:\WINDOWS\INF

    2023-06-11 10:14 - 2021-11-07 12:11 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{90905BF2-5E42-42AF-8B7B-4D4AB9F11505}

    2023-06-10 22:27 - 2023-01-16 18:58 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

    2023-06-10 22:27 - 2020-09-30 17:17 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

    2023-06-09 22:59 - 2021-11-07 12:11 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

    2023-06-09 22:59 - 2021-11-07 12:11 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

    2023-06-06 23:35 - 2020-05-28 16:47 - 000000000 ____D C:\Users\rrtk1\AppData\Local\Packages

    2023-06-06 19:39 - 2020-05-28 16:49 - 000000000 ___RD C:\Users\rrtk1\OneDrive

    2023-06-06 19:37 - 2020-05-28 16:47 - 000000000 __SHD C:\Users\rrtk1\IntelGraphicsProfiles

    2023-06-06 19:36 - 2021-11-07 12:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

    2023-06-06 19:36 - 2019-07-19 16:32 - 000000000 ____D C:\Intel

    2023-06-06 19:35 - 2021-06-20 14:08 - 000000000 ____D C:\Program Files\Microsoft OneDrive

    2023-06-06 19:35 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\ServiceState

    2023-06-06 19:35 - 2020-09-30 16:03 - 000012288 ___SH C:\DumpStack.log.tmp

    2023-06-06 19:34 - 2021-06-05 05:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI

    2023-06-06 11:23 - 2021-06-05 05:01 - 000000000 ____D C:\WINDOWS\CbsTemp

    2023-06-06 03:32 - 2020-05-28 15:16 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    2023-06-05 15:51 - 2021-09-12 12:40 - 000000000 ____D C:\Users\rrtk1\AppData\Local\D3DSCache

    2023-06-02 23:57 - 2021-12-12 16:22 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1652131316-3089940887-153183512-1001

    2023-05-31 20:27 - 2019-04-15 17:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

    2023-05-28 12:32 - 2021-11-07 12:01 - 000805260 _____ C:\WINDOWS\system32\PerfStringBackup.INI

    2023-05-28 12:20 - 2021-06-05 05:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

    2023-05-28 12:20 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SystemResources

    2023-05-28 12:20 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\oobe

    2023-05-28 12:20 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\bcastdvr

    2023-05-28 12:20 - 2021-06-05 05:01 - 000000000 ____D C:\WINDOWS\servicing

    2023-05-28 11:42 - 2021-11-07 11:43 - 003110400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

    2023-05-28 10:06 - 2020-06-28 08:46 - 000000000 ____D C:\Users\rrtk1\OneDrive\Documents\Personal

    2023-05-26 05:22 - 2021-11-07 12:11 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

    2023-05-26 05:22 - 2021-11-07 12:11 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

    2023-05-14 12:12 - 2020-06-30 10:07 - 000000000 ____D C:\Users\rrtk1\AppData\Local\ElevatedDiagnostics

    2023-05-13 17:31 - 2020-05-28 16:37 - 000000000 ____D C:\WINDOWS\Firmware

    2023-05-13 15:48 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

    2023-05-13 13:38 - 2020-05-28 15:34 - 000000000 ____D C:\Program Files\Microsoft Office

    2023-05-13 12:51 - 2020-05-28 19:02 - 000000000 ____D C:\WINDOWS\system32\MRT

    2023-05-13 12:36 - 2020-05-28 19:01 - 159583304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  5. Reza-Ameri 45,806 Reputation points Volunteer Moderator
    2023-06-01T19:44:38+00:00

    Try resetting Google Chrome's settings and see if the problem persists.

    Have a look at Reset Chrome settings to default - Google Chrome Help.
