Solved Bank login

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  • Hello everyone We want to personally apologize to everyone for the downtime that we've experienced. We are working to get everything back up as quickly as possible. Due to the issues we've had, your password will need to be reset. Please click the button that says "Forgot Your Password" and change it. We are working to have things back to normal. Emails are fixed and should now send properly. Thank you all for your patience. Thanks, PCHF Management
Status
Not open for further replies.
M

mike13

PCHF Member
Feb 17, 2022
117
4
75
My wife just opened her bank login page, where she would normally enter her USER ID and then her PASSWORD. To her surprise there was a user id already entered that she did not recognize. There was no password entered. She called the bank and they were useless. They said there was no activity on her account, and to just delete the user id that was there, and enter her own user id and password. She did that and everything seemed OK, but we still have an uneasy feeling about how that user id got entered there. Your thoughts please. I ran Malwarebytes, and the default Windows Security FULL scan. ?????
 
Here is the FRST.TXT file I hope
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.06.2024
Ran by Sally (administrator) on DESKTOP-QO12F0E (Dell Inc. Inspiron 3583) (18-06-2024 21:05:16)
Running from C:\Users\Sally\Downloads\FRST64 (1).exe
Loaded Profiles: Sally
Platform: Microsoft Windows 11 Home Version 23H2 22631.3737 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_f47cef52ac4d1535\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f47cef52ac4d1535\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Dell Inc -> ) C:\Windows\Dell\DPS\ServiceShell.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f47cef52ac4d1535\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_bee333b3fb02dacb\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7ecf8d2b2b8c53e8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7ecf8d2b2b8c53e8\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8443b1c224b06d42\RtkAudUService64.exe <3>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSysSvc64.exe
(svchost.exe ->) (Hewlett-Packard Company -> Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8443b1c224b06d42\RtkAudUService64.exe [1256824 2021-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSvc64.exe [1774584 2021-02-19] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1226024 2010-02-22] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49904 2014-08-13] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4899856 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45430176 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Sally\AppData\Local\WebEx\ciscowebexstart.exe [4707152 2021-10-29] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\Run: [MicrosoftEdgeAutoLaunch_031B18C4AD1F95AB1064888434B1439C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883456 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-235708267-2675152675-3891083956-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [180224 2024-05-31] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG2900 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCB.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2900 series: C:\WINDOWS\system32\CNMLMCB.DLL [406016 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0E88F0-819B-4CF0-90D9-F1FDB2D8201A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {2F7C18F5-2349-46FA-9661-910134F93552} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "ccced310-b63b-454a-85d7-94bbc26d1ac7" --version "6.24.11060" --silent
Task: {6AF49D6F-D283-448E-A8F9-E60E34374C38} - System32\Tasks\CCleanerSkipUAC - Sally => C:\Program Files\CCleaner\CCleaner.exe [39169952 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {DC1A085C-C279-406C-BBA5-6ACD2B8C3817} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-18] (HP Inc. -> HP Inc.)
Task: {311A8E01-D880-465A-ADD9-AA31FA50BEA0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-18] (HP Inc. -> HP Inc.)
Task: {01765906-77B7-437C-BFBF-81C491597276} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [43832 2013-01-28] (Hewlett-Packard Company -> Hewlett Packard)
Task: {B38AC02C-A302-45D6-A3F8-86A4F1C7C8EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {B473AD6B-3B27-4C30-9622-9FF364078C58} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3CA3F7E-4B62-4964-BF68-7C180CCA2972} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {96C40379-13C7-403D-A89D-3879954C6AC0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {669E4640-5F89-44F6-81EC-488747F55DD9} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169648 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {B55D9F8C-349A-4030-AF7F-CA66CD37B16F} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\WINDOWS\system32\rundll32.exe [73728 2024-05-31] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {B425F78D-7EC6-4DDE-B21E-F3B3B30C0B11} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {A313574C-9782-4A0D-A53A-A68278D6B0A1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {23892166-5329-4D0A-9909-7E95FC1C7F3B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {626D6F85-5C45-42F8-9680-FA6370C30B4E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {AD35BB0C-80D2-412E-9BE1-5494B723F431} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7385CDBF-19C1-4A38-BEB0-9BCB24E0321B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A97D4780-5975-4682-9926-7A995376D44E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2F3C1BD8-99CB-4E49-9DBF-89A0AE13D8DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B5426808-5118-4BEA-9ECA-4D23E06F0A80} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA5CE31B-A5F4-4F91-8347-0A3E0DF4CF85} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-235708267-2675152675-3891083956-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{94953382-a1fa-49c7-a607-53d132e576f1}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{94953382-a1fa-49c7-a607-53d132e576f1}: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{b1348a15-53de-4a8e-b1ce-468068b38557}: [DhcpNameServer] 192.168.50.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Sally\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-18]
Edge DownloadDir: Default -> C:\Users\Sally\Downloads
Edge Notifications: Default -> hxxps://pchelpforum.net; hxxps://promail.ptd.net; hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://www.ptd.net/
Edge StartupUrls: Default -> "hxxps://ptd.net/"
Edge Extension: (Google Docs Offline) - C:\Users\Sally\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-18]
Edge Extension: (Edge relevant text changes) - C:\Users\Sally\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-27]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-27] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012384 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
R2 Dell Platform Service; C:\WINDOWS\Dell\DPS\ServiceShell.exe [74016 2019-07-05] (Dell Inc -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncHelper.exe [3514384 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-06-18] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8895072 2024-06-18] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-18] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.108.0528.0005\OneDriveUpdaterService.exe [3853744 2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188728 2021-05-28] (Qualcomm Atheros, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [544768 2023-10-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [188416 2023-10-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 DellDPSDrv; C:\WINDOWS\System32\drivers\DellDPS.sys [36632 2019-07-05] (Dell Inc -> )
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [37808 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221136 2024-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [234856 2024-06-18] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-06-18] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsl8d9d5f2c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20CEB262-EF2C-4A51-B7AA-E59F473161F7}\MpKslDrv.sys [271648 2024-06-18] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslc3837ac1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20CEB262-EF2C-4A51-B7AA-E59F473161F7}\MpKslDrv.sys [271648 2024-06-18] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-05-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-31] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-18 21:05 - 2024-06-18 21:05 - 000021257 _____ C:\Users\Sally\Downloads\FRST.txt
2024-06-18 21:04 - 2024-06-18 21:05 - 000000000 ____D C:\FRST
2024-06-18 21:02 - 2024-06-18 21:04 - 002395136 _____ (Farbar) C:\Users\Sally\Downloads\FRST64 (1).exe
2024-06-18 21:02 - 2024-06-18 21:02 - 002395136 _____ (Farbar) C:\Users\Sally\Downloads\Unconfirmed 19699.crdownload
2024-06-18 21:02 - 2024-06-18 21:02 - 002093056 _____ (Farbar) C:\Users\Sally\Downloads\Unconfirmed 45783.crdownload
2024-06-18 20:57 - 2024-06-18 20:57 - 000234856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-06-18 20:57 - 2024-06-18 20:57 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-06-18 19:34 - 2024-06-18 19:34 - 000024821 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-06-18 19:31 - 2024-06-18 19:31 - 000024821 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-06-18 19:02 - 2024-06-18 19:02 - 000026064 _____ C:\WINDOWS\system32\lc.dat
2024-06-18 18:43 - 2024-06-18 18:43 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-06-18 18:43 - 2024-06-18 18:43 - 000002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-07 14:55 - 2024-06-07 14:55 - 000000000 ____D C:\WINDOWS\system32\%userprofile%
2024-06-05 23:52 - 2024-06-05 23:52 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-05-31 12:02 - 2024-03-04 00:19 - 001989744 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-05-31 12:02 - 2024-03-04 00:19 - 001989744 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-05-31 12:02 - 2024-03-04 00:19 - 001546352 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-05-31 12:02 - 2024-03-04 00:19 - 001546352 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-05-31 12:02 - 2024-03-04 00:19 - 001454192 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-05-31 12:02 - 2024-03-04 00:19 - 001454192 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-05-31 12:02 - 2024-03-04 00:19 - 001167472 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-05-31 12:02 - 2024-03-04 00:19 - 001167472 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-05-31 12:02 - 2024-03-04 00:19 - 000541768 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2024-05-31 12:02 - 2024-03-04 00:19 - 000512736 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2024-05-31 12:02 - 2024-03-04 00:19 - 000481888 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2024-05-31 12:02 - 2024-03-04 00:19 - 000418528 _____ C:\WINDOWS\system32\ze_loader.dll
2024-05-31 12:02 - 2024-03-04 00:19 - 000179312 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2024-05-31 12:02 - 2024-03-04 00:18 - 027984208 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2024-05-31 12:02 - 2024-03-04 00:18 - 020708176 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2024-05-31 12:02 - 2024-03-04 00:18 - 000979392 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2024-05-31 12:02 - 2024-03-04 00:18 - 000738008 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-05-31 12:02 - 2024-03-04 00:18 - 000621944 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2024-05-31 12:02 - 2024-03-04 00:18 - 000481048 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2024-05-31 12:01 - 2024-05-31 12:39 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-05-31 12:01 - 2024-05-31 12:01 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-05-31 12:01 - 2024-05-31 12:01 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-05-21 14:00 - 2024-05-21 14:00 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-18 21:07 - 2023-06-06 12:58 - 000000000 ____D C:\Users\Sally\AppData\Local\Malwarebytes
2024-06-18 21:02 - 2023-10-03 23:19 - 000850308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-18 21:02 - 2022-05-07 01:22 - 000000000 ____D C:\WINDOWS\INF
2024-06-18 20:59 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-18 20:59 - 2021-02-25 21:37 - 000000000 ____D C:\Users\Sally\AppData\Local\D3DSCache
2024-06-18 20:57 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-18 20:57 - 2020-02-23 19:25 - 000000000 ____D C:\Program Files\CCleaner
2024-06-18 20:56 - 2023-10-03 23:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-18 20:56 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-06-18 20:56 - 2021-03-25 20:22 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-18 20:56 - 2020-02-23 18:56 - 000000000 __SHD C:\Users\Sally\IntelGraphicsProfiles
2024-06-18 20:56 - 2019-11-03 18:26 - 000000000 ____D C:\Intel
2024-06-18 20:18 - 2022-05-07 01:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-06-18 20:05 - 2023-10-03 23:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-18 20:02 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-18 20:02 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-18 20:02 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-18 19:46 - 2020-02-23 18:56 - 000000000 ____D C:\Users\Sally\AppData\Local\Packages
2024-06-18 19:45 - 2023-10-03 23:12 - 000473976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-06-18 19:45 - 2022-02-03 18:56 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-06-18 19:44 - 2024-01-16 13:43 - 000000000 ____D C:\WINDOWS\InboxApps
2024-06-18 19:44 - 2023-10-04 09:25 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\UUS
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-06-18 19:44 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-06-18 19:44 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\servicing
2024-06-18 19:42 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-06-18 19:34 - 2023-10-03 23:13 - 003216384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-06-18 19:11 - 2020-02-23 21:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-06-18 19:06 - 2020-02-23 21:31 - 199048176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-06-18 19:00 - 2023-10-03 23:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-06-18 19:00 - 2021-10-05 12:14 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-06-18 18:46 - 2024-01-23 19:28 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-18 18:46 - 2020-07-10 17:23 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-18 18:46 - 2020-07-10 17:23 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-06-18 18:45 - 2020-08-24 16:30 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-06-18 18:45 - 2020-02-25 11:17 - 000002087 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-06-18 18:44 - 2020-02-25 11:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-06-18 18:44 - 2020-02-25 11:16 - 000000000 ____D C:\Program Files\Malwarebytes
2024-06-18 18:43 - 2023-10-03 23:17 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5947027F-F257-44C6-BAD4-1E1C8F8ACE21}
2024-06-18 18:43 - 2023-10-03 23:17 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-235708267-2675152675-3891083956-1001
2024-06-07 14:55 - 2023-10-03 23:17 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-07 14:55 - 2023-10-03 23:17 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-07 14:55 - 2022-01-27 12:52 - 000000000 ___RD C:\Users\Default\OneDrive
2024-05-31 12:38 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-31 12:38 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-31 12:38 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-31 12:38 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-31 12:38 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-31 12:38 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-05-31 12:38 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-31 12:38 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-05-31 12:09 - 2022-04-07 12:46 - 000000000 ____D C:\Program Files\dotnet
2024-05-31 12:09 - 2019-11-03 18:29 - 000000000 ____D C:\ProgramData\Package Cache
2024-05-31 11:55 - 2019-11-03 18:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-21 15:09 - 2020-05-11 12:58 - 000000000 ____D C:\Users\Sally\AppData\Roaming\Zoom
2024-05-21 14:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-05-21 14:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-05-21 14:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\Provisioning

==================== Files in the root of some directories ========

2020-03-12 13:32 - 2020-03-12 13:32 - 000038443 _____ () C:\Users\Sally\AppData\Roaming\Comma Separated Values.ADR

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Here is the ADDITION.TXT file
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.06.2024
Ran by Sally (18-06-2024 21:07:38)
Running from C:\Users\Sally\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3737 (X64) (2023-10-04 03:18:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-235708267-2675152675-3891083956-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-235708267-2675152675-3891083956-503 - Limited - Disabled)
Guest (S-1-5-21-235708267-2675152675-3891083956-501 - Limited - Disabled)
Sally (S-1-5-21-235708267-2675152675-3891083956-1001 - Administrator - Enabled) => C:\Users\Sally
WDAGUtilityAccount (S-1-5-21-235708267-2675152675-3891083956-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 6.24 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\ActiveTouchMeetingClient) (Version: 41.10.8 - Cisco Webex LLC)
Cricut Design Space (HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\{113DD42F-AE80-489B-8F15-FB8499306C48}) (Version: 6.6.121 - Cricut, Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{90BC69B6-C3DD-45E3-B2EE-354635A0329B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11000.25.1 - Nero AG) Hidden
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 8.0.13295.984 - Hewlett-Packard)
HP LaserJet Pro MFP M127-M128 Fax (HKLM\...\{C5835004-643A-4EB6-A280-706F9F62F985}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden
HP LaserJet Pro MFP M127-M128 Fax (HKLM-x32\...\{FAE97B40-E8E2-4B52-9A9E-219C3CCC0107}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden
HP LaserJet Pro MFP M127-M128 Fax Driver (HKLM\...\{65072E52-F51B-4280-9DA6-EA5F1EE72C3A}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden
HP LaserJet Pro MFP M127-M128 HP Device Toolbox (HKLM-x32\...\{612631AC-0D84-4116-9D8A-D2D63467B7BF}) (Version: 32.0.28.0 - Hewlett-Packard Co.) Hidden
HP LJ M127128 Scan HP Scan (HKLM-x32\...\{2F518061-89DB-4AF0-9A7A-2BF73B60E6F0}) (Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Product FWUpdater (HKLM-x32\...\{1A8F20ED-C9CC-43FD-A678-20970BB83A9E}) (Version: 4.0.0.8895 - Hewlett-Packard Company) Hidden
HP Unified IO (HKLM\...\{30E20E5D-5E4E-4874-A35A-952DB3582C29}) (Version: 2.0.0.477 - HP) Hidden
HP Unified IO (HKLM-x32\...\{B1CB7E99-4685-45CB-867E-2FB58EDA0A39}) (Version: 2.0.0.477 - HP) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (HKLM-x32\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM127_128 (HKLM-x32\...\{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}) (Version: 008.000.0001 - HP) Hidden
hppM125LaserJetService (HKLM-x32\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}) (Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (HKLM-x32\...\{92374A19-CD4A-498F-92CB-26473EF31FB3}) (Version: 080.046.00111 - Hewlett-Packard) Hidden
Intel(R) Chipset Device Software (HKLM\...\{148D6ED8-24B8-443D-9C5B-5D6BF506671B}) (Version: 10.1.17903.8106 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.375 - Intel Corporation)
Intel(R) Icls (HKLM\...\{FB008000-F6E9-4A50-B4E1-B491A7F83547}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) LMS (HKLM\...\{72D77FC4-F72B-414C-8179-4DC5FBD0CD41}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2110.15.0.2210 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{36A10AE5-8BCE-44A6-8548-11363F4A10E2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A605C249-8DDE-4D4A-8D11-739F412ED4E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{8225A775-0BFA-480E-945B-5C7128330BD5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6577 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{05817e4d-5f15-49b4-afec-7edb31fc7dd6}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Malwarebytes version 5.1.5.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.5.116 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.31 (x64) (HKLM\...\{59ED1DC1-E3E4-4BC0-B43F-143CCC38FF17}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.31 (x64) (HKLM\...\{9992D04E-553E-4BC2-B0EC-4A394DD19986}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.31 (x64) (HKLM\...\{0950F07D-F1C4-47A5-AC88-C5FAA5DC564D}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.31 (x64) (HKLM-x32\...\{28c77e24-3d3a-47bc-9e4b-9f1381f40082}) (Version: 6.0.31.33717 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.61 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.61 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.17628.20144 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.108.0528.0005 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{92418797-A53F-4B3E-A56A-F8B739B6F1FF}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{B12E6B2E-1E47-4D58-A45E-AA92A5F8F8FD}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26405 (HKLM-x32\...\{5b295ba9-ef89-4aeb-8acc-b61adb0b9b5f}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.14.26405 (HKLM\...\{A2999714-5C2C-3729-A911-4AE198B7B2FD}) (Version: 14.14.26405 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.14.26405 (HKLM\...\{BCA8F863-9BAB-3398-B8E4-E1D0959D0943}) (Version: 14.14.26405 - Microsoft Corporation) Hidden
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack Basic (HKLM-x32\...\{63AA3EAB-23BB-48B2-9AD0-44F878075604}) (Version: 10.0.10300.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack Basic (HKLM-x32\...\{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}) (Version: 10.0.10300.1.0 - Nero AG) Hidden
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero BackItUp 10 Help (CHM) (HKLM-x32\...\{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}) (Version: 1.0.10500 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (HKLM-x32\...\{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}) (Version: 1.0.10500 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (HKLM-x32\...\{555868C6-49FB-484F-BB43-8980651A1B00}) (Version: 1.0.10500 - Nero AG) Hidden
Nero Control Center 10 (HKLM-x32\...\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}) (Version: 10.0.11500.1.0 - Nero AG) Hidden
Nero Core Components 10 (HKLM-x32\...\{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}) (Version: 2.0.13100.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (HKLM-x32\...\{C3273C55-E1E4-41FF-8D69-0158090DB8D8}) (Version: 1.0.10500 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (HKLM-x32\...\{C18A0418-442A-4186-AF98-D08F5054A2FC}) (Version: 1.0.10500 - Nero AG) Hidden
Nero Dolby Files 10 (HKLM-x32\...\{C3580AC4-C827-4332-B935-9A282ED5BB97}) (Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero Express 10 Help (CHM) (HKLM-x32\...\{33643918-7957-4839-92C7-EA96CB621A98}) (Version: 1.0.10500 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (HKLM-x32\...\{66049135-9659-4AAD-9169-9CCA269EBB3E}) (Version: 1.0.10500 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (HKLM-x32\...\{F467862A-D9CA-47ED-8D81-B4B3C9399272}) (Version: 1.0.10500 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero Recode 10 Help (CHM) (HKLM-x32\...\{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}) (Version: 1.0.10500 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (HKLM-x32\...\{92E25238-61A3-4ACD-A407-3C480EEF47A7}) (Version: 1.0.10500 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (HKLM-x32\...\{16987E99-C95C-4513-9239-7B44A0A71DB5}) (Version: 1.0.10500 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (HKLM-x32\...\{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}) (Version: 1.0.10500 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero Vision 10 Help (CHM) (HKLM-x32\...\{329411A0-19F3-4740-874F-17400B126F27}) (Version: 1.0.10500 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (HKLM-x32\...\{7A295D8F-484B-4FFB-89AB-C1FD497591FE}) (Version: 1.0.10500 - Nero AG) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20144 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10527 - Qualcomm)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9147.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
ZipRarArchiver (HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\ZipRarArchiver) (Version: 1.0 - ZipRarArchiver)
Zoom (HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\ZoomUMX) (Version: 5.15.7 (20303) - Zoom Video Communications, Inc.)

Packages:
=========

AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-18] (INTEL CORP) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_3.14.1.0_x64__kgqvnymyfvs32 [2024-06-06] (king.com)
Cricut Design Space For Beginners -> C:\Program Files\WindowsApps\64528WillieApplications.CricutDesignSpaceForBeginn_1.1.1.0_neutral__37q39jhqb390p [2020-04-11] (Willie Applications)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_6.41.12.0_x64__kgqvnymyfvs32 [2024-06-18] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.1.1072.0_x64__v10z8vjag6ke6 [2024-06-18] (HP Inc.)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-21] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2023-11-21] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-21] (Microsoft Corporation)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-03-19] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.30.0_x64__w1wdnht996qgy [2024-05-31] (LinkedIn) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-10-07] (Microsoft Corp.)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-10-04] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24052.57.0_x64__cw5n1h2txyewy [2024-06-18] (Microsoft Windows) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.99.5.0_x64__mcm4njqhnhss8 [2024-05-06] (Netflix, Inc.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.12008.0_x64__8wekyb3d8bbwe [2024-06-18] (Microsoft Corporation) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-14] (Microsoft Corporation)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-05-06] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2024-05-06] (Waves Audio)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-06-18] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-235708267-2675152675-3891083956-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Sally\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG -> Nero AG)
ContextMenuHandlers2-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG -> Nero AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-23] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG -> Nero AG)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.108.0528.0005\FileSyncShell64.dll [2024-06-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-23] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Sally\Downloads\FRST64 (1).exe:MBAM.Zone.Identifier [135]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-235708267-2675152675-3891083956-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-235708267-2675152675-3891083956-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-235708267-2675152675-3891083956-1001 -> DefaultScope {BB257618-B096-4FD5-A6A4-56CA44E8C87B} URL =
SearchScopes: HKU\S-1-5-21-235708267-2675152675-3891083956-1001 -> {BB257618-B096-4FD5-A6A4-56CA44E8C87B} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2023-01-22 18:29 - 2023-01-22 18:29 - 000000089 __RSH C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-235708267-2675152675-3891083956-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sally\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\19742_en_1.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "StatusAlerts"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-235708267-2675152675-3891083956-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3573F7E6-1B63-4FFF-B48F-C6055A4B17BA}] => (Allow) C:\Users\Sally\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6A22DEB5-AA94-4CE2-A5DD-31DE49E052E8}] => (Allow) C:\Users\Sally\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8036E4C7-C656-404B-936B-4BBCF650169C}] => (Allow) C:\Users\Sally\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{FDC0430D-711F-4501-A1EB-DFEE8820FE1C}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1E6994B6-8181-4307-9481-1903EAEA5735}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CEBCE6C3-050C-4D3F-90C7-EFF5FDDEB00A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4D754DF3-6327-4588-94CF-0F43E4BE34D6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E79817E0-F34A-4859-BFA0-D93DAD0EC8DB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB4B9AFD-2104-4220-A290-C62ABC4E2229}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E2D1CBB2-6A6F-4BF1-86D6-187966D8488A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BDED1492-FB9B-49C4-A411-B23A077640CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.120.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{321DF30F-FDCB-47F3-9015-F07AABF9B847}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.120.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9CFFDD04-92C1-44B8-8E25-26C7D99C0E34}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.120.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{93EEA11D-71DE-40E2-BFF7-B93F913AE188}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.120.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

18-06-2024 20:02:32 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/18/2024 07:45:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (06/18/2024 07:45:17 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (06/13/2024 01:54:46 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (05/31/2024 12:10:01 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-QO12F0E)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.

Error: (05/21/2024 02:00:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (05/21/2024 02:00:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (05/21/2024 02:00:36 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (05/21/2024 02:00:36 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]


System errors:
=============
Error: (06/18/2024 08:00:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/18/2024 07:44:59 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (06/18/2024 07:44:59 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (06/18/2024 07:10:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QO12F0E)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (06/18/2024 06:45:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.

Error: (06/18/2024 06:45:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (06/06/2024 12:09:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (06/05/2024 11:56:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.


Windows Defender:
================
Date: 2024-06-06 00:11:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-31 12:10:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-06 17:39:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-03-09 13:35:57
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-03-02 04:43:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2024-03-09 13:26:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.407.189.0
Previous security intelligence Version: 1.405.1102.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.24020.9
Previous Engine Version: 1.1.24020.9
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2024-03-09 13:26:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.407.189.0
Previous security intelligence Version: 1.405.1102.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.24020.9
Previous Engine Version: 1.1.24020.9
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

CodeIntegrity:
===============
Date: 2024-06-18 21:07:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

Date: 2024-06-18 20:59:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7ecf8d2b2b8c53e8\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.29.0 03/15/2024
Motherboard: Dell Inc. 0WHCP7
Processor: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
Percentage of memory in use: 59%
Total physical RAM: 8067.91 MB
Available physical RAM: 3242.78 MB
Total Virtual: 9347.91 MB
Available Virtual: 4251.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:236.73 GB) (Free:162.34 GB) (Model: BC501 NVMe SK hynix 256GB) NTFS

\\?\Volume{3d6e8b40-da85-4f4d-aa0a-0b7249696b74}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.09 GB) NTFS
\\?\Volume{a6a8c276-8482-479b-9612-938fb811f029}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.58 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C9B54744)

Partition: GPT.

==================== End of Addition.txt =======================
 
I really see no cause for concern, did anyone else have access to the computer?




Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

Code: 
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {B425F78D-7EC6-4DDE-B21E-F3B3B30C0B11} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {A313574C-9782-4A0D-A53A-A68278D6B0A1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {23892166-5329-4D0A-9909-7E95FC1C7F3B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {626D6F85-5C45-42F8-9680-FA6370C30B4E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
AlternateDataStreams: C:\Users\Sally\Downloads\FRST64 (1).exe:MBAM.Zone.Identifier [135]
SearchScopes: HKU\S-1-5-21-235708267-2675152675-3891083956-1001 -> DefaultScope {BB257618-B096-4FD5-A6A4-56CA44E8C87B} URL =
SearchScopes: HKU\S-1-5-21-235708267-2675152675-3891083956-1001 -> {BB257618-B096-4FD5-A6A4-56CA44E8C87B} URL =
2023-01-22 18:29 - 2023-01-22 18:29 - 000000089 __RSH C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
Hosts:
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::



Adware Cleaner



  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exeand select, Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me



Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please Copy and paste that log here in your next post
 
To be sure, to be sure.....

Why not change your PC login password, and your online bank account password for good measure.
And setup MFA on the bank access.
 
  • Like
Reactions: Malnutrition
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-23-2024
# Duration: 00:00:01
# OS: Windows 11 (Build 22631.3737)
# Cleaned: 19
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\AppDataLow\AskToolbarInfo
Deleted HKCU\Software\Ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Deleted HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Deleted HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\GenericAskToolbar.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4056 octets] - [23/06/2024 12:00:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-23-2024
# Duration: 00:00:10
# OS: Windows 11 (Build 22631.3737)
# Scanned: 32101
# Detected: 23


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Ask HKCU\Software\Ask.com
PUP.Optional.Legacy HKCU\Software\AppDataLow\AskToolbarInfo
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
PUP.Optional.Legacy HKLM\Software\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\GenericAskToolbar.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent Folder C:\Users\Sally\Documents\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-23-2024
# Duration: 00:00:10
# OS: Windows 11 (Build 22631.3737)
# Scanned: 32099
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent Folder C:\Users\Sally\Documents\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


AdwCleaner[S00].txt - [4056 octets] - [23/06/2024 12:00:15]
AdwCleaner[C00].txt - [3565 octets] - [23/06/2024 12:02:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
It seemed like the Adwcleaner and the Security check were identical ?? I changed the bank password, and it appears everything is OK Many thanks for for help.
 
mike13 said:
It seemed like the Adwcleaner and the Security check were identical ??
Click to expand...


No, you just ran Adware Cleaner multiple times. But I am going to close this thread as solved, since you are happy no need to build confusion.
 
Status
Not open for further replies.
Top Bottom