
Crazy Persistent Infection

Status
Not open for further replies.
Hello,

There's a lot of info here but I'll keep it short. Just ask me if you want more details.

Long story short, I have some type of malware that infected my entire network of devices back in December. I've tried everything to get rid of it.

Bought a new Dell XPS 17 9700, and no matter how hard I tried it got infected (and no, I didn't connect it to my Wi-Fi).

That's where I'm at today. Trying to fix the Dell XPS.

I've noticed a few key things to help, maybe.

- There were changes in my event log history that were related to CVE-2018-6622 (there were others too but that's the only one I can recall).
- The malware has direct access to my PCI assigned I/O addresses.
- Completely removing M.2 NVMe doesn't work.
- Tried re-flashing the BIOS too.

and a lot more stuff. Maybe I'm doing things in the wrong order. I just don't even know anymore.

Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2021
Ran by Jesse James (administrator) on DESKTOP-6L2B19S (Dell Inc. XPS 17 9700) (17-07-2021 16:20:03)
Running from C:\Users\Jesse James\Downloads
Loaded Profiles: Jesse James
Platform: Windows 10 Home Version 2004 19041.264 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> ) C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-17 16:57 - 2021-07-17 15:58 - 000000000 ____D C:\Windows\Panther
2021-07-17 16:20 - 2021-07-17 16:20 - 000003601 _____ C:\Users\Jesse James\Downloads\FRST.txt
2021-07-17 16:19 - 2021-07-17 16:19 - 000000000 _____ C:\Users\Jesse James\Desktop\FRST.txt
2021-07-17 16:19 - 2021-07-17 16:19 - 000000000 _____ C:\Users\Jesse James\Desktop\Addition.txt
2021-07-17 16:17 - 2021-07-17 16:17 - 000000000 ____D C:\Users\Jesse James\AppData\Local\Comms
2021-07-17 16:15 - 2021-07-17 16:20 - 000000000 ____D C:\FRST
2021-07-17 16:15 - 2021-07-17 15:46 - 002300416 _____ (Farbar) C:\Users\Jesse James\Downloads\iexplorer.exe
2021-07-17 16:09 - 2021-07-17 16:18 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-17 16:07 - 2021-07-17 16:07 - 000000000 ____D C:\Users\Jesse James\AppData\Local\ElevatedDiagnostics
2021-07-17 16:05 - 2021-07-17 16:05 - 000000000 ____D C:\Users\Jesse James\AppData\Local\OneDrive
2021-07-17 16:03 - 2021-07-17 16:03 - 000003392 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2936197079-2031653957-1620875053-1001
2021-07-17 16:03 - 2021-07-17 16:03 - 000000000 ___RD C:\Users\Jesse James\OneDrive
2021-07-17 16:02 - 2021-07-17 16:02 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2021-07-17 16:01 - 2021-07-17 16:01 - 000001446 _____ C:\Users\Jesse James\Desktop\Microsoft Edge.lnk
2021-07-17 16:01 - 2021-07-17 16:01 - 000000000 ____D C:\Users\Jesse James\AppData\Local\MicrosoftEdge
2021-07-17 16:01 - 2021-07-17 16:01 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-07-17 16:00 - 2021-07-17 16:03 - 000002385 _____ C:\Users\Jesse James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-17 16:00 - 2021-07-17 16:03 - 000000000 ____D C:\Users\Jesse James\AppData\Local\Packages
2021-07-17 16:00 - 2021-07-17 16:03 - 000000000 ____D C:\Users\Jesse James
2021-07-17 16:00 - 2021-07-17 16:03 - 000000000 ____D C:\ProgramData\Packages
2021-07-17 16:00 - 2021-07-17 16:00 - 000000020 ___SH C:\Users\Jesse James\ntuser.ini
2021-07-17 16:00 - 2021-07-17 16:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-07-17 16:00 - 2021-07-17 16:00 - 000000000 ___RD C:\Users\Jesse James\3D Objects
2021-07-17 16:00 - 2021-07-17 16:00 - 000000000 ____D C:\Users\Jesse James\AppData\Roaming\Adobe
2021-07-17 16:00 - 2021-07-17 16:00 - 000000000 ____D C:\Users\Jesse James\AppData\Local\VirtualStore
2021-07-17 16:00 - 2021-07-17 16:00 - 000000000 ____D C:\Users\Jesse James\AppData\Local\Publishers
2021-07-17 16:00 - 2021-07-17 16:00 - 000000000 ____D C:\Users\Jesse James\AppData\Local\ConnectedDevicesPlatform
2021-07-17 15:59 - 2021-07-17 15:59 - 000000000 _SHDL C:\Documents and Settings
2021-07-17 15:57 - 2021-07-17 16:12 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-17 15:57 - 2021-07-17 16:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-17 15:57 - 2021-07-17 15:57 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-17 15:57 - 2021-07-17 15:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-07-17 15:57 - 2021-07-17 15:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-17 15:57 - 2021-07-17 15:57 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-17 15:57 - 2021-07-17 15:57 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-17 16:57 - 2019-12-07 02:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2021-07-17 16:18 - 2019-12-07 02:13 - 000000000 ____D C:\Windows\INF
2021-07-17 16:12 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-17 16:12 - 2019-12-07 02:03 - 000262144 _____ C:\Windows\system32\config\BBI
2021-07-17 16:09 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-07-17 16:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-17 16:03 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-17 16:03 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-17 16:01 - 2019-12-07 02:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-07-17 16:01 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\spool
2021-07-17 16:01 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-07-17 16:00 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-07-17 16:00 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-17 15:57 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-07-17 15:57 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-17 15:57 - 2019-12-07 02:03 - 000032768 _____ C:\Windows\system32\config\ELAM

==================== SigCheckExt =========================

2021-07-17 16:15 - 2021-07-17 15:46 - 002300416 _____ (Farbar) C:\Users\Jesse James\Downloads\iexplorer.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{7886fa40-e75a-11eb-a40c-b589338c8284}
timeout 2

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {7886fa42-e75a-11eb-a40c-b589338c8284}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {7886fa40-e75a-11eb-a40c-b589338c8284}
device partition=\Device\HarddiskVolume1
path \EFI\Boot\BootX64.efi
description UEFI Hard Drive

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {7886fa44-e75a-11eb-a40c-b589338c8284}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {7886fa42-e75a-11eb-a40c-b589338c8284}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {7886fa44-e75a-11eb-a40c-b589338c8284}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{7886fa45-e75a-11eb-a40c-b589338c8284}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{7886fa45-e75a-11eb-a40c-b589338c8284}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {7886fa42-e75a-11eb-a40c-b589338c8284}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {7886fa44-e75a-11eb-a40c-b589338c8284}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {7886fa45-e75a-11eb-a40c-b589338c8284}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by Jesse James (17-07-2021 16:20:56)
Running from C:\Users\Jesse James\Downloads
Windows 10 Home Version 2004 19041.264 (X64) (2021-07-17 22:59:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2936197079-2031653957-1620875053-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2936197079-2031653957-1620875053-503 - Limited - Disabled)
Guest (S-1-5-21-2936197079-2031653957-1620875053-501 - Limited - Disabled)
Jesse James (S-1-5-21-2936197079-2031653957-1620875053-1001 - Administrator - Enabled) => C:\Users\Jesse James
WDAGUtilityAccount (S-1-5-21-2936197079-2031653957-1620875053-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft OneDrive (HKU\S-1-5-21-2936197079-2031653957-1620875053-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2019-12-07] (Skype)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2936197079-2031653957-1620875053-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:953.26 GB) (Free:928.4 GB) (97%)

==================== Faulty Device Manager Devices ============

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FingerPrint
Description: FingerPrint
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Basic Display Adapter
Description: Microsoft Basic Display Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/17/2021 04:12:38 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-6L2B19S$ via https://STM-KeyId-fb17d70d734870e919c4e8e603975e664e0e43de.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/17/2021 04:12:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/17/2021 04:12:32 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

Error: (07/17/2021 04:12:32 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (07/17/2021 04:05:05 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-6L2B19S$ via https://STM-KeyId-fb17d70d734870e919c4e8e603975e664e0e43de.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/17/2021 04:05:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/17/2021 04:04:59 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

Error: (07/17/2021 04:04:59 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7


System errors:
=============
Error: (07/17/2021 04:04:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (07/17/2021 04:04:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (07/17/2021 04:01:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/17/2021 03:57:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The netprofm service terminated with the following error:
The device is not ready.


Windows Defender:
================
Date: 2021-07-17 16:18:10
Description:
C:\Windows\System32\notepad.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2021-07-17T23:18:10.693Z
Path: %desktopdirectory%\
Process Name: C:\Windows\System32\notepad.exe
Security intelligence Version: 1.303.25.0
Engine Version: 1.1.16400.2
Product Version: 4.18.1909.6

Date: 2021-07-17 16:17:48
Description:
C:\Windows\System32\notepad.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2021-07-17T23:17:48.507Z
Path: %desktopdirectory%\
Process Name: C:\Windows\System32\notepad.exe
Security intelligence Version: 1.303.25.0
Engine Version: 1.1.16400.2
Product Version: 4.18.1909.6

Date: 2021-07-17 16:16:11
Description:
C:\Users\Jesse James\Desktop\iexplorer.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2021-07-17T23:16:11.650Z
Path: %desktopdirectory%\
Process Name: C:\Users\Jesse James\Desktop\iexplorer.exe
Security intelligence Version: 1.303.25.0
Engine Version: 1.1.16400.2
Product Version: 4.18.1909.6

==================== Memory info ===========================

BIOS: Dell Inc. 1.8.2 05/21/2021
Motherboard: Dell Inc. 0CXCCY
Processor: Intel(R) Core(TM) i7-10875H CPU @ 2.30GHz
Percentage of memory in use: 17%
Total physical RAM: 16128.7 MB
Available physical RAM: 13303.33 MB
Total Virtual: 19072.7 MB
Available Virtual: 16306.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.26 GB) (Free:928.4 GB) NTFS

\\?\Volume{f37cd64d-a305-4a2e-817b-aa0a6186ea9c}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{3be66387-b5c7-464a-8172-0ca41a280c80}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

I've attached the logs too. I don't know why, but they are there. Lol

Attachments

  • Addition.txt (15.9 KB)
  • FRST.txt (13.3 KB)