
Computer Variously Funky---malware, gettin' old, or what?


  • This topic is locked
24 replies to this topic

#1 denno


Posted 29 November 2021 - 02:20 PM

=whole post just vanished=

trying again:

 

Greetings

 

First a remark or three about Farbar:

Screenshot below showing that the opening screen asks me nothing about administration, and does not look exactly as described, which always throws me into a quandary.

Also, after it ran, the computer was locked up and had to be restarted with the power button.

 

Dell Inspiron 5579 Signature Edition
Intel® Core™ i5-8250U CPU @ 1.60GHz   1.80 GHz

8GB
64 bit

Win 10

 

 

What is "Funky?"
Can't look at my Downloads folder----causes Windows Explorer "not responding"
Restarting from sleep mode (or whatever it times itself out to) --- sometimes just hit the spacebar; sometimes just click the power button; sometimes doesn't behave and after some back and forth I have to shut down with the power button and reboot.

I think more if I were keeping better track.  But that's enough for openers.

 

 

============================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2021
Ran by miekro s dallallio (administrator) on MARLOWE (Dell Inc. Inspiron 5579) (29-11-2021 13:53:17)
Running from C:\Users\miekro s dallallio\Downloads
Loaded Profiles: miekro s dallallio
Platform: Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\135.4.4221\QtWebEngineProcess.exe <2>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_e12f514e96bb8edd\aesm_service.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3974eac8be1c963f\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3974eac8be1c963f\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3974eac8be1c963f\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3974eac8be1c963f\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_7ed3bacbb0a8cc67\RstMwService.exe
(Jernej Simončič -> Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\bin\gimp-2.10.exe
(Jernej Simončič -> Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\script-fu\script-fu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Pro Softnet Corporation -> ) C:\Program Files (x86)\IDriveWindows\IDrivePlugin.exe
(Pro Softnet Corporation -> Pro Softnet Corporation) C:\Program Files (x86)\IDriveWindows\IDriveE Service.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228776 2017-06-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489896 2017-06-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [127480 2017-11-06] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1189744 2017-06-27] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-10] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [77432 2021-10-01] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1983608 2021-10-01] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8807712 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1725785269-512999547-2818236412-1001\...\Run: [A2B5869FD8B8006EE9E82A907CC275E910961241._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-1725785269-512999547-2818236412-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Windows x64\Print Processors\Canon MP490 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9Y.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MX490 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCK.DLL [30208 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX490 series: C:\WINDOWS\system32\CNCALCK.DLL [303104 2014-09-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP490 series: C:\WINDOWS\system32\CNMLM9Y.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX490 series: C:\WINDOWS\system32\CNMLMCK.DLL [406528 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX490 series XPS: C:\WINDOWS\system32\CNMXLMCK.DLL [409088 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [375296 2014-08-06] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.61\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11809DE3-54F3-41C3-AE11-A6DE6674816B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1AC2274F-0D9F-423C-932E-88558188BD44} - System32\Tasks\AdobeAAMUpdater-1.0-MARLOWE-miekro s dallallio => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {2148579A-200C-461F-A9DB-867ADACE55B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {27D3E6EF-DAF0-4E07-B4A1-37B20BD5FD2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34FB6B45-00EE-4705-B8FE-0CC7BC630E25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5FA61388-3F95-4FDB-BDDE-8CA0284581A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-20] (Google LLC -> Google LLC)
Task: {671E3F5B-C759-410F-AFCD-CD968A296B48} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {725578C0-0ED6-4CD7-BCB4-E474226B1BF3} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [96520 2021-08-13] (Rivet Networks LLC -> DELL)
Task: {A17BCF39-3CEF-4930-A032-21BE470F69BB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A6DB1F9A-6F98-4B06-824F-069A948F9F55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-20] (Google LLC -> Google LLC)
Task: {BB6D6C23-2406-42FB-AC10-91A5E63C5510} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {C57449B1-EB23-44E9-8DC3-AF9BD35B051C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe (No File)
Task: {DAF44296-95D3-4CFD-A8F3-41CB5740A91E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E92F49CE-BD0D-4076-921C-999A1066CA40} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [916840 2019-06-07] (Intel® Trust Services -> Intel® Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.172.1
Tcpip\..\Interfaces\{156de029-5fa1-4384-a05b-c3f8f39f0767}: [DhcpNameServer] 192.168.172.1
Tcpip\..\Interfaces\{70e6058b-ebbf-43b9-9b1e-faaf0fdd7bbe}: [DhcpNameServer] 192.168.172.1
Tcpip\..\Interfaces\{7842eb40-396f-465d-bf77-cba426c0a7ce}: [DhcpNameServer] 192.168.172.1 64.22.32.8 192.168.172.1
Tcpip\..\Interfaces\{7b231694-e60b-4539-a941-8a82796218dc}: [DhcpNameServer] 192.168.172.1
Tcpip\..\Interfaces\{8aebe390-acab-444d-869d-6b76825314f6}: [DhcpNameServer] 192.168.172.1 64.22.32.8 192.168.172.1
Tcpip\..\Interfaces\{ef89a22f-ce57-48e3-9c91-6ad4ed1215bd}: [DhcpNameServer] 192.168.24.46

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\miekro s dallallio\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-29]
Edge Notifications: Default -> hxxps://www.facebook.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\miekro s dallallio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-20]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: xy80m7xl.default
FF DefaultProfile: b1fl6hgv.default
FF ProfilePath: C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\xy80m7xl.default [2021-04-18]
FF ProfilePath: C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\dhzs86vy.default-release [2021-11-29]
FF Homepage: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> hxxps://www.space.com
FF NewTabOverride: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> Enabled: wikipedia@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> Enabled: ebay@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> Enabled: ddg@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> Enabled: bing@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> Enabled: amazondotcom@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\dhzs86vy.default-release -> Enabled: google@search.mozilla.org
FF Extension: (I don't care about cookies) - C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\dhzs86vy.default-release\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2021-10-28]
FF Extension: (New Tab Override) - C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\dhzs86vy.default-release\Extensions\newtaboverride@agenedia.com.xpi [2021-05-26]
FF Extension: (Worldwide Radio) - C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\dhzs86vy.default-release\Extensions\worldwide@radio.xpi [2021-09-13]
FF Extension: (Social Video Downloader) - C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\dhzs86vy.default-release\Extensions\{00e68183-fc7d-4a91-b5cc-f7f8272386db}.xpi [2021-06-21]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\dhzs86vy.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-11-24]
FF Extension: (Capital One Shopping: Online Coupon Tool) - C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\dhzs86vy.default-release\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2021-11-19]
FF Extension: (Video DownloadHelper) - C:\Users\miekro s dallallio\AppData\Roaming\Mozilla\Firefox\Profiles\dhzs86vy.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-01]
FF ProfilePath: C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default [2020-11-17]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-cs@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-de@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Finnish Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-fi@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Français Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-fr@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-gl@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-he@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-hu@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-it@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-ja@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-ko@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-nl@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-pl@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Russian (RU) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-ru@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-sl@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-sr@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\miekro s dallallio\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\b1fl6hgv.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2020-11-16] [Legacy] [not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default [2021-11-02]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-20]
CHR Extension: (Docs) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-20]
CHR Extension: (Google Drive) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-20]
CHR Extension: (Sheets) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-02]
CHR Extension: (Video Downloader PLUS) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgehaondchbmjmajphnhlojfnbfokng [2021-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-16]
CHR Extension: (Gmail) - C:\Users\miekro s dallallio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-10-12] (Dell Inc -> )
R2 IDriveE Service; C:\Program Files (x86)\IDriveWindows\IDriveE Service.exe [157336 2018-02-12] (Pro Softnet Corporation -> Pro Softnet Corporation)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [395896 2021-10-01] (Pro Softnet Corporation -> Prosoftnet)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2020-05-22] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7789240 2021-09-27] (Malwarebytes Inc -> Malwarebytes)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188728 2021-05-28] (Qualcomm Atheros, Inc. -> )
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [66296 2021-08-13] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [66296 2021-08-13] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1633040 2021-08-13] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2390800 2021-08-13] (Rivet Networks LLC -> Rivet Networks)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-27] (Malwarebytes Inc -> Malwarebytes)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation -> Corel Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [166032 2021-08-13] (Intel Corporation -> Rivet Networks, LLC.)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 8\IFS64.sys [40520 2019-01-17] (Ashampoo GmbH & Co. KG -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-29 13:52 - 2021-11-29 13:52 - 000006916 _____ C:\Users\miekro s dallallio\AppData\Local\recently-used.xbel
2021-11-29 13:43 - 2021-11-29 13:43 - 002311680 _____ (Farbar) C:\Users\miekro s dallallio\Downloads\FRST64(4).exe
2021-11-29 13:36 - 2021-11-29 13:36 - 002311680 _____ (Farbar) C:\Users\miekro s dallallio\Downloads\FRST64(3).exe
2021-11-29 12:23 - 2021-11-29 12:23 - 000000754 _____ C:\Users\miekro s dallallio\Desktop\NOV 29.txt
2021-11-29 00:28 - 2021-11-29 00:29 - 626078737 _____ C:\Users\miekro s dallallio\Downloads\10000000_955637525039242_2024593668556780103_n.mp4
2021-11-28 23:16 - 2021-11-28 23:16 - 504370532 _____ C:\Users\miekro s dallallio\Downloads\90 reentry.mp4
2021-11-28 12:52 - 2021-11-28 20:16 - 000000763 _____ C:\Users\miekro s dallallio\Desktop\Ho Ho Fukkin Ho.txt
2021-11-26 16:49 - 2021-11-26 16:49 - 000000349 _____ C:\Users\miekro s dallallio\Desktop\Sunrise & Sunset.url
2021-11-25 10:03 - 2021-11-25 10:03 - 000000478 _____ C:\Users\miekro s dallallio\Desktop\YER BIG FARGIN THOUGHT FOR THE DAY.txt
2021-11-24 10:57 - 2021-11-24 10:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-24 10:03 - 2021-11-27 22:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-23 17:06 - 2021-11-27 22:25 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2021-11-23 11:38 - 2021-11-23 11:38 - 000000084 _____ C:\Users\miekro s dallallio\Desktop\increments.txt
2021-11-21 14:07 - 2021-11-21 14:07 - 000000769 _____ C:\Users\miekro s dallallio\Desktop\rilke poem.txt
2021-11-21 12:43 - 2021-11-26 10:53 - 000000604 _____ C:\Users\miekro s dallallio\Desktop\xmas1.txt
2021-11-19 09:06 - 2021-11-27 13:59 - 000007499 _____ C:\Users\miekro s dallallio\Desktop\relisting often nov19.txt
2021-11-18 12:11 - 2021-11-18 12:11 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1725785269-512999547-2818236412-1001
2021-11-18 12:11 - 2021-11-18 12:11 - 000002418 _____ C:\Users\miekro s dallallio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-16 09:58 - 2021-11-16 13:44 - 000001472 _____ C:\Users\miekro s dallallio\Desktop\Nota-Schmota.txt
2021-11-15 07:03 - 2021-11-16 14:52 - 000002099 _____ C:\Users\miekro s dallallio\Desktop\MONDAY RE-ENTRY.txt
2021-11-12 21:28 - 2021-11-12 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-11-12 00:28 - 2021-11-12 00:28 - 001328408 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll
2021-11-12 00:28 - 2021-11-12 00:28 - 001321984 _____ C:\WINDOWS\system32\FaceProcessor.dll
2021-11-12 00:28 - 2021-11-12 00:28 - 000503576 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2021-11-12 00:24 - 2021-11-12 00:24 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 00:23 - 2021-11-12 00:23 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 00:23 - 2021-11-12 00:23 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 00:21 - 2021-11-12 00:21 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-11 22:44 - 2021-11-11 22:44 - 000000000 ___HD C:\$WinREAgent
2021-11-11 22:35 - 2021-11-11 22:35 - 000001479 _____ C:\Users\miekro s dallallio\Documents\List of U.S wars.txt
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-11-10 20:09 - 2021-11-10 20:09 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-11-09 18:17 - 2021-11-09 18:17 - 000000411 _____ C:\Users\miekro s dallallio\Desktop\dir. to Slade Vet hosp.txt
2021-11-09 10:18 - 2021-11-09 10:18 - 000000012 _____ C:\Users\miekro s dallallio\Desktop\life n death.txt
2021-11-09 08:02 - 2021-11-14 10:32 - 000003322 _____ C:\Users\miekro s dallallio\Desktop\immediate list.txt
2021-11-08 10:21 - 2021-11-08 10:21 - 000015208 _____ C:\Users\miekro s dallallio\Desktop\21 11 08 --- post songwriters' workshop again.odt
2021-11-08 09:38 - 2021-11-10 21:07 - 000002798 _____ C:\Users\miekro s dallallio\Desktop\reentry 11-21.txt
2021-11-04 21:11 - 2021-11-04 21:11 - 011792608 _____ (Tim Kosse) C:\Users\miekro s dallallio\Downloads\FileZilla_3.56.2_win64-setup.exe
2021-11-04 18:54 - 2021-11-04 18:55 - 000000331 _____ C:\Users\miekro s dallallio\Desktop\Uranus Redux.url
2021-11-04 14:20 - 2021-11-04 14:20 - 000000000 ____D C:\WINDOWS\{20D7CF3A-C734-4F83-AD51-4EEB6D891407}
2021-11-04 10:03 - 2021-11-04 10:03 - 000001154 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-04 10:03 - 2021-11-04 10:03 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-02 17:56 - 2021-11-02 17:59 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Local\DRmare Audio Capture
2021-11-02 17:56 - 2021-11-02 17:56 - 000000000 ____D C:\Users\miekro s dallallio\Documents\DRmare Audio Capture
2021-11-02 17:55 - 2021-11-23 19:51 - 000001196 _____ C:\Users\miekro s dallallio\Desktop\DRmare Audio Capture.lnk
2021-11-02 17:55 - 2021-11-02 17:55 - 019841816 _____ (DRmare, Inc. ) C:\Users\miekro s dallallio\Downloads\AudioCapture.exe
2021-11-02 17:55 - 2021-11-02 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DRmare Audio Capture
2021-11-02 17:55 - 2021-11-02 17:55 - 000000000 ____D C:\Program Files (x86)\DRmare Audio Capture
2021-11-02 17:53 - 2021-11-02 17:53 - 000001395 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2021-11-02 17:53 - 2021-11-02 17:53 - 000001249 _____ C:\Users\Public\Desktop\Express Zip File Compression.lnk
2021-11-02 17:53 - 2021-11-02 17:53 - 000000000 ____D C:\Users\miekro s dallallio\NCH Software Suite
2021-11-02 17:47 - 2021-11-02 17:47 - 002129480 _____ (MiniTool) C:\Users\miekro s dallallio\Downloads\mmm-setup.exe
2021-10-31 22:36 - 2021-10-31 22:37 - 000000194 _____ C:\Users\miekro s dallallio\Desktop\Jan 6.url
2021-10-31 20:35 - 2021-10-31 20:36 - 539458259 _____ C:\Users\miekro s dallallio\Downloads\10000000_694017988225386_7382923458055536223_n.mp4
2021-10-30 16:48 - 2021-10-30 16:48 - 000010112 _____ (Gibson Research Corp.) C:\Users\miekro s dallallio\Desktop\ClicKey.dll
2021-10-30 16:46 - 2021-10-30 16:46 - 000042560 _____ (Gibson Research Corp.) C:\Users\miekro s dallallio\Desktop\ClicKey.exe
2021-10-30 12:53 - 2021-10-30 12:54 - 020617858 _____ C:\Users\miekro s dallallio\Downloads\10000000_922982658650263_6256457482764898306_n.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-29 13:57 - 2021-04-16 10:06 - 000029664 _____ C:\Users\miekro s dallallio\Downloads\FRST.txt
2021-11-29 13:56 - 2021-04-16 10:03 - 000000000 ____D C:\FRST
2021-11-29 13:55 - 2020-05-20 21:53 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-29 13:54 - 2020-05-21 06:34 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Local\babl-0.1
2021-11-29 13:54 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-29 13:52 - 2020-05-21 06:40 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Local\gtk-2.0
2021-11-29 13:51 - 2020-05-22 22:42 - 000000000 ____D C:\Users\miekro s dallallio\Documents\TECH
2021-11-29 12:59 - 2021-03-18 14:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-29 12:19 - 2020-05-13 17:04 - 000000000 ____D C:\Users\miekro s dallallio\AppData\LocalLow\Mozilla
2021-11-29 11:58 - 2020-05-13 17:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-29 11:06 - 2021-10-15 14:56 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Local\Dropbox
2021-11-29 11:06 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-29 10:59 - 2020-05-13 16:38 - 000000000 __SHD C:\Users\miekro s dallallio\IntelGraphicsProfiles
2021-11-29 10:58 - 2021-03-18 15:01 - 000000000 ____D C:\Users\miekro s dallallio
2021-11-29 10:57 - 2021-03-18 15:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-29 10:57 - 2021-03-18 14:48 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-29 10:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-29 10:57 - 2018-02-17 01:56 - 000000000 ___HD C:\Intel
2021-11-29 02:43 - 2020-05-14 13:55 - 000000000 ____D C:\ProgramData\IDrive
2021-11-28 23:29 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-28 17:41 - 2020-05-15 13:55 - 000000000 ____D C:\Users\miekro s dallallio\Desktop\WEBCASTS
2021-11-28 15:01 - 2020-05-23 02:26 - 000000000 ____D C:\Users\miekro s dallallio\Desktop\things on hand to watch and read
2021-11-27 22:25 - 2020-05-13 17:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-27 21:27 - 2020-05-22 18:54 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Roaming\FileZilla
2021-11-27 12:19 - 2020-05-23 02:20 - 000056263 _____ C:\Users\miekro s dallallio\Desktop\Phone Numbers.txt
2021-11-26 09:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-26 09:54 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-25 17:32 - 2020-05-14 14:08 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Roaming\Zoom
2021-11-25 10:02 - 2020-07-17 17:11 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-24 10:57 - 2020-05-13 17:04 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-23 19:51 - 2021-10-15 15:04 - 000001299 _____ C:\Users\miekro s dallallio\Desktop\Dropbox.lnk
2021-11-22 13:35 - 2020-05-22 22:06 - 000000000 ____D C:\Users\miekro s dallallio\Documents\Business
2021-11-20 17:12 - 2021-03-18 15:15 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-19 20:08 - 2018-02-17 01:56 - 000000000 ____D C:\ProgramData\Dell
2021-11-19 15:15 - 2018-02-17 01:54 - 000000000 ____D C:\Program Files\Dell
2021-11-19 15:14 - 2018-02-17 01:56 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-19 12:12 - 2020-05-13 20:24 - 000000000 ____D C:\ProgramData\Packages
2021-11-18 19:59 - 2020-05-20 21:53 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-17 08:28 - 2021-04-12 23:03 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71c334ea37dae
2021-11-17 08:28 - 2021-03-18 15:51 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-16 13:44 - 2021-03-30 02:43 - 000010722 _____ C:\Users\miekro s dallallio\Desktop\GIGGING.txt
2021-11-16 12:43 - 2020-05-14 13:55 - 000000000 ____D C:\Program Files (x86)\IDriveWindows
2021-11-15 23:14 - 2020-05-13 19:22 - 000000000 ____D C:\Users\miekro s dallallio\Documents\azzCardfile Files
2021-11-15 18:35 - 2020-08-26 07:28 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Local\CrashDumps
2021-11-15 11:46 - 2020-05-15 18:45 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Local\ElevatedDiagnostics
2021-11-15 10:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-11-13 01:08 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-13 00:58 - 2021-03-20 01:55 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Local\Notepad
2021-11-13 00:53 - 2021-03-18 14:49 - 003361816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-13 00:52 - 2021-10-15 14:56 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-11-13 00:52 - 2021-10-15 14:56 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-13 00:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-13 00:48 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-12 21:30 - 2021-10-15 14:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-11-12 12:49 - 2021-10-15 14:56 - 000003906 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-11-12 12:49 - 2021-10-15 14:56 - 000003674 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-11-11 22:40 - 2020-05-13 17:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-11 22:07 - 2020-05-13 17:05 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-10 20:59 - 2020-05-13 19:35 - 000000000 ____D C:\Users\miekro s dallallio\Documents\My Kindle Content
2021-11-09 17:55 - 2021-03-18 15:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-11-06 06:28 - 2021-10-29 09:59 - 000008459 _____ C:\Users\miekro s dallallio\Desktop\10-29.txt
2021-11-02 23:51 - 2020-05-13 20:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-11-02 18:00 - 2020-06-17 12:02 - 000000000 ____D C:\Users\miekro s dallallio\AppData\Local\D3DSCache
2021-11-02 17:53 - 2020-07-06 08:56 - 000001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2021-10-30 12:23 - 2021-10-12 12:02 - 000001207 _____ C:\Users\miekro s dallallio\Desktop\Songwriter Challenge #4.txt

==================== Files in the root of some directories ========

2021-04-23 22:12 - 2021-04-23 22:12 - 000000000 _____ () C:\Users\miekro s dallallio\DISM.exe
2021-11-29 13:52 - 2021-11-29 13:52 - 000006916 _____ () C:\Users\miekro s dallallio\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2021
Ran by miekro s dallallio (29-11-2021 14:01:51)
Running from C:\Users\miekro s dallallio\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) (2021-03-18 20:53:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1725785269-512999547-2818236412-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1725785269-512999547-2818236412-503 - Limited - Disabled)
Guest (S-1-5-21-1725785269-512999547-2818236412-501 - Limited - Disabled)
miekro s dallallio (S-1-5-21-1725785269-512999547-2818236412-1001 - Administrator - Enabled) => C:\Users\miekro s dallallio
WDAGUtilityAccount (S-1-5-21-1725785269-512999547-2818236412-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1725785269-512999547-2818236412-1001\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.21.3 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 8 (HKLM-x32\...\{4209F371-D192-F401-E058-BBF7CF126AEA}_is1) (Version: 8.00.12 - Ashampoo GmbH & Co. KG)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
azzCardfile 4.1 (HKLM-x32\...\azzCardfile_is1) (Version:  - Antanas Zdramys)
BlueGriffon version 3.1 (HKLM\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 3.1 - Disruptive Innovations SAS)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version:  - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version:  - ‭Canon Inc.)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 7.39 - NCH Software)
Dell Digital Delivery (HKLM-x32\...\{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{AAB336F0-6FC6-4BFE-AD7E-315FCDF20156}) (Version: 1.1.3750 - Screenovate Technologies Ltd.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.4.0 - Dell Inc.)
DRmare Audio Capture 1.6.0.13 (HKLM-x32\...\DRmare Audio Capture_is1) (Version:  - DRmare, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 135.4.4221 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.541.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 2.0.6875.402 - PC-Doctor, Inc.) Hidden
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 8.28 - NCH Software)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 1.9.8.19 - Solvusoft Corporation)
FileZilla Client 3.49.1 (HKLM-x32\...\FileZilla Client) (Version: 3.49.1 - Tim Kosse)
GIMP 2.10.28 (HKLM\...\GIMP-2_is1) (Version: 2.10.28 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IDrive version 6.7.3.43 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.43 - Pro Softnet Corp)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.377 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1932.12.0.1298 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{05817e4d-5f15-49b4-afec-7edb31fc7dd6}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{98970ddc-844d-4ec3-b93e-52f5f693b305}) (Version: 3.10.100.3429 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{9315B8DE-B183-4126-A69E-150B8ABF3690}) (Version: 3.10.100.3429 - Intel Corporation) Hidden
KeyBlaze Typing Tutor (HKLM-x32\...\KeyBlaze) (Version: 3.03 - NCH Software)
Macromedia Dreamweaver MX 2004 (HKLM-x32\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0.1 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9233.1 - Waves Audio Ltd.) Hidden
Messenger 83.5.128 (HKU\S-1-5-21-1725785269-512999547-2818236412-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 83.5.128 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1725785269-512999547-2818236412-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movavi Video Editor Plus 2021 (HKU\S-1-5-21-1725785269-512999547-2818236412-1001\...\Movavi Video Editor Plus 2021) (Version: 21.3.0 - Movavi)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.2 (x64 en-US)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.11.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.3.2 (x64 en-US)) (Version: 91.3.2 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
PRE11 STI 64Installer (HKLM-x32\...\{B614E5FA-6DA4-45A1-845C-52F870240A89}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10527 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8184 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.15063.11275 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{A0CDAD3D-0329-4E3E-8DC1-30E333D6564D}) (Version: 3.1.995 - Rivet Networks)
Typing Master 10 (HKLM-x32\...\{19B5F18A-1638-4037-AD44-CF7D0EEAB875}_is1) (Version: 10.00 - Typing Innovation Group Ltd)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows Video Editor 2020 (HKLM\...\{9CC29C6A-B5FE-497B-8F23-52A2557A92D9}}_is1) (Version:  - VideoWin)
Wondershare Filmora X(Build 10.1.4.7) (HKLM\...\Wondershare Filmora X_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-1725785269-512999547-2818236412-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.69.1.0_x86__kgqvnymyfvs32 [2021-11-18] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Classic FreeCell -> C:\Program Files\WindowsApps\19789RossBor.ClassicFreeCell_5.0.8.0_x64__bckpywbq9b7yj [2021-07-26] (RossBor)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2021-11-19] (Dell Inc)
Dell Help & Support -> C:\Program Files\WindowsApps\DellInc.DellHelpSupport_3.2.1.0_x64__htrsf667h5kn2 [2020-05-13] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2021-09-19] (Screenovate Technologies) [Startup Task]
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2020-05-13] (Dell Inc)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.70.3.0_x86__kgqvnymyfvs32 [2021-11-06] (king.com)
HD Movie Maker - PRO -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-PRO_3.3.4.0_x64__bzg06mxvgh4fa [2021-11-08] (V3TApps)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1020.0_x64__8j3eq9eme6ctt [2021-09-04] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-30] (Microsoft Studios) [MS Ad]
Movie Maker - Video Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.3.4.0_x64__bzg06mxvgh4fa [2021-11-08] (V3TApps)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-18] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-01] (Microsoft Corporation)
ProjectReunion.0.5 -> C:\Program Files\WindowsApps\Microsoft.ProjectReunion.0.5_0.52107.26000.0_x64__8wekyb3d8bbwe [2021-08-10] (Microsoft Corporation)
ProjectReunion.0.5 -> C:\Program Files\WindowsApps\Microsoft.ProjectReunion.0.5_0.52107.26000.0_x86__8wekyb3d8bbwe [2021-08-10] (Microsoft Corporation)
Sketchable -> C:\Program Files\WindowsApps\SiliconBendersLLC.Sketchable_5.5.32.0_x64__r2kxzpx527qgj [2021-11-26] (Silicon Benders LLC)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1001.0_x64__rh07ty8m5nkag [2021-10-27] (Rivet Networks LLC)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2021-05-21] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1725785269-512999547-2818236412-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-1725785269-512999547-2818236412-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\miekro s dallallio\Dropbox [2021-10-15 15:04]
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-10-01] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-10-01] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-10-01] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2021-11-02] () [File not signed]
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-10-01] () [File not signed]
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-10-01] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-10-01] () [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3974eac8be1c963f\igfxDTCM.dll [2020-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2021-11-02] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-02 17:53 - 2021-11-02 17:53 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2021-09-17 22:52 - 2014-07-30 13:49 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2021-09-17 22:52 - 2014-07-30 13:47 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2021-09-17 22:51 - 2014-08-06 12:25 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2021-10-02 20:46 - 2021-10-01 17:06 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1725785269-512999547-2818236412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17swin10.msn.com/?pc=DSJE
HKU\S-1-5-21-1725785269-512999547-2818236412-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17swin10.msn.com/?pc=DSJE
SearchScopes: HKLM -> DefaultScope {74F41844-25BD-4A8D-8D76-12E0485A4E10} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR8&src=IE11TR&pc=DSJE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {74F41844-25BD-4A8D-8D76-12E0485A4E10} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR8&src=IE11TR&pc=DSJE
SearchScopes: HKLM-x32 -> DefaultScope {74F41844-25BD-4A8D-8D76-12E0485A4E10} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR8&src=IE11TR&pc=DSJE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {74F41844-25BD-4A8D-8D76-12E0485A4E10} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRDLR8&src=IE11TR&pc=DSJE
SearchScopes: HKU\S-1-5-21-1725785269-512999547-2818236412-1001 -> DefaultScope {74F41844-25BD-4A8D-8D76-12E0485A4E10} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-06-23 20:41 - 2021-06-23 20:41 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1725785269-512999547-2818236412-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\miekro s dallallio\Pictures\mars base.jpg
DNS Servers: 192.168.172.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1725785269-512999547-2818236412-1001\...\StartupApproved\Run: => "A2B5869FD8B8006EE9E82A907CC275E910961241._service_run"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{DFD50EFE-810A-4693-A44A-13CBB95CDCD9}C:\users\miekro s dallallio\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\miekro s dallallio\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [TCP Query User{EDB48EF5-2F7D-4411-8E8F-0B22DFF452CC}C:\users\miekro s dallallio\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\miekro s dallallio\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [{FF04AE69-A213-4049-862D-4B4611F7FCA6}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{3C0935A2-E60C-4058-8138-EF3A8C4849B4}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{A02A02BB-7BF2-47D4-86A0-61D89E77D609}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{DC1622EE-776A-4607-9F87-D98D38690209}] => (Allow) C:\Program Files\FileZilla FTP Client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{F60F6DD5-DADB-470A-8B59-2C7859186C0E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E10012F2-FD68-4D22-A071-C4A4AD188492}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AA43B337-024A-4230-A12A-EA716F3E41E2}] => (Allow) C:\Users\miekro s dallallio\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9D66BC9F-67DA-41CC-B841-38F5A2FBE56C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{4B47F0FE-806F-4567-9D9A-4A205286F616}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C91E2FAE-75D1-4F73-93F9-40CA74B0F9C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1E508C2E-503D-482C-915A-DF5EBF2DCBDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F63832DC-F23D-4F23-AA6D-A266DF6D42F8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E47F4770-1172-4B6F-A015-D1D492ECFE3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3F24D146-FFF9-40C7-8BAF-79C5FAD11487}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E80AF6DE-FCF3-42A3-8264-EF87A0E82A1F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [TCP Query User{E9DFE2A0-5846-4A43-9DB9-EE8C3EF5257E}C:\users\public\documents\rsvs_lite\rsvsliteview.exe] => (Block) C:\users\public\documents\rsvs_lite\rsvsliteview.exe () [File not signed]
FirewallRules: [UDP Query User{67A4042A-6648-4AAF-9F23-C5747A4B407C}C:\users\public\documents\rsvs_lite\rsvsliteview.exe] => (Block) C:\users\public\documents\rsvs_lite\rsvsliteview.exe () [File not signed]
FirewallRules: [{A0F11681-58EE-41F0-BEE4-D2C7F1FC27EA}] => (Allow) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{29A65618-8076-4A49-BFBC-354DA3419F36}] => (Allow) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F937AE43-5640-4590-A84B-C54F82A60749}] => (Allow) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0C822124-D174-4A2D-80AC-8B00DE302A11}] => (Allow) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{739C507F-7E87-46E4-BE15-73F944939BC2}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{FF55020B-D1F1-48AD-989B-4A8D6B5EA31A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{4763CBAD-CADC-4F1F-831B-BA9D64E587C8}] => (Allow) C:\Users\miekro s dallallio\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8875CC39-0C5E-4193-92F9-01DD4C3DB116}] => (Allow) C:\Users\miekro s dallallio\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EFB423A2-37C5-4D6C-83C9-FC33AA50B87F}] => (Allow) C:\Users\miekro s dallallio\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DE772F2D-6898-4B51-B2DB-A765CD1BE04C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F8473E57-A91A-411A-8534-25F1FA86F6ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A7F507E-C259-4CCD-B15A-A7C2E8F3ED5F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{669B51FD-08B4-4271-A13C-4F7D328D68A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{861B5276-BA91-4983-9CE3-734DFF9B3216}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{3D11FC77-31A3-413E-8DFB-81B83721397E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

23-11-2021 12:03:58 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/29/2021 01:50:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.1348 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 208c

Start Time: 01d7e53a17fa6cd6

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 66302581-434b-4441-8dcb-54efff3bc93d

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/28/2021 11:27:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.1348 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1f44

Start Time: 01d7e4d64384a0c9

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 867e75c4-7d77-40f3-8ea9-137e3473943d

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/28/2021 11:25:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program soffice.bin version 4.1.9807.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3324

Start Time: 01d7e4d8e2d1e35f

Termination Time: 5

Application Path: C:\Program Files (x86)\OpenOffice 4\program\soffice.bin

Report Id: 3fc9e1e1-7edf-426d-b9e2-5a3f00cced1e

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-thread

Error: (11/28/2021 11:24:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.1348 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3240

Start Time: 01d7e4d85b660323

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 9dfd8de8-4153-41f6-9c12-5032bd922b5e

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/27/2021 09:10:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/21/2021 04:41:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/21/2021 09:46:33 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (11/21/2021 09:46:33 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (11/29/2021 11:05:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/29/2021 11:05:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.

Error: (11/29/2021 11:03:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® SGX AESM service hung on starting.

Error: (11/29/2021 10:58:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DpmLiteDrv service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/29/2021 10:57:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:30:35 AM on ‎11/‎29/‎2021 was unexpected.

Error: (11/29/2021 10:53:18 AM) (Source: DCOM) (EventID: 10010) (User: MARLOWE)
Description: The server {94269C4E-071A-4116-90E6-52E557067E4E} did not register with DCOM within the required timeout.

Error: (11/29/2021 06:37:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/29/2021 06:37:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Account Sign-in Assistant service to connect.


Windows Defender:
================
Date: 2021-11-27 08:53:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-26 10:37:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-25 00:21:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-24 10:20:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-24 03:09:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-11-29 11:06:11
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Dell Inc. 1.17.0 08/18/2021
Motherboard: Dell Inc. 0T9FN2
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 78%
Total physical RAM: 8025.32 MB
Available physical RAM: 1713.8 MB
Total Virtual: 13913.32 MB
Available Virtual: 1881.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.93 GB) (Free:638.15 GB) NTFS

\\?\Volume{10e1dbc6-aa4b-4b39-a845-b3bd78b45006}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.48 GB) NTFS
\\?\Volume{38e2abf7-ef9a-4e3a-8161-27caea9242f5}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 452B79D5)

Partition: GPT.

==================== End of Addition.txt =======================

 

 

 

=====================================================================

 




#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 07 December 2021 - 08:33 AM

Sorry for the wait

I saw a couple of things which are minor



****
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator, just open it and let it wait)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
Task: {C57449B1-EB23-44E9-8DC3-AF9BD35B051C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe (No File)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
FirewallRules: [{9D66BC9F-67DA-41CC-B841-38F5A2FBE56C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{4B47F0FE-806F-4567-9D9A-4A205286F616}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C91E2FAE-75D1-4F73-93F9-40CA74B0F9C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1E508C2E-503D-482C-915A-DF5EBF2DCBDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F63832DC-F23D-4F23-AA6D-A266DF6D42F8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E47F4770-1172-4B6F-A015-D1D492ECFE3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3F24D146-FFF9-40C7-8BAF-79C5FAD11487}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E80AF6DE-FCF3-42A3-8264-EF87A0E82A1F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Return to the Farbar Recovery Scan Tool app
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
 

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================


Post these 2 logs when finished.
 


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 denno


Posted 16 December 2021 - 04:16 PM

Hi--thanks for your response.  First my septic backed up---twice; then a tree came down and took out house power, internet, phone.  Astonishingly, only 3 days later we are all put back together.

I will try to get the scans done tonight.

Meanwhile, observing that a LOT of stuff is taking a long time opening---in the computer or online.



#4 denno


Posted 17 December 2021 - 12:11 AM

oboy wotta mess

 

The computer has slowed down almost unusably.

I have run the new scan and fix---took at least 2 hours, during which the machine has rebooted itself (not counting the twice I had to force a reboot) a couple of times. 
I am now trying to locate the fix file; using file explorer on Downloads, where I guess the file is, is taking forever. (Alternately "working on it"  and Not Responding--current.)

This has taken hours.

OK.  I can set Windows Explorer to search This Computer for Fixlog.txt, but the search either goes on forever or the window stops responding.

Pages are taking forever to download.  Sometimes a program just won't open; like my email, Thunderbird.

 

Also, separate problem, fiber-optic is pretty messed up tonight.  (It's lying on the ground from that tree...)

 

Any advice?

 

-denno
 


Edited by denno, 17 December 2021 - 02:43 AM.


#5 Juliet


Posted 17 December 2021 - 06:45 AM

With being offline for a couple of days I would suspect several things are trying to update in the background which could be a long list.

What happens if you just let the computer sit idle?

 

Do you live in a tornado zone? Were there storms causing electrical outages?



#6 denno


Posted 17 December 2021 - 10:32 AM

This morning things are pretty normal again.
In a minute I'm gonna try and open the Downloads folder.

 

We were not in that godawful tornado alley.  New York near Albany.  But strong winds that night all over the state.  They go around every 3 years and trim branches mostly so snow won't bring them down on lines; but this one was a whole 50-60 foot pine.

Posting this while it is all behaving.  Then a try at the fix file.



#7 denno


Posted 17 December 2021 - 10:42 AM

OK----I went to Downloads in Windows Explorer and it promptly said "working on it"  and "not responding."    This has happened before with that folder.

 

First download of FRST put it on my desktop and after it ran that's where the files popped up.  Not to this time.

 

I suppose I can some way change where things download to---but I don't want to muck with that property or this folder without advice.  Got some?  :)


Edited by denno, 17 December 2021 - 10:49 AM.


#8 Juliet


Posted 17 December 2021 - 11:13 AM

Depending on which browser you're using, you can set up all downloads to be directed to the desktop.



#9 Juliet


Posted 17 December 2021 - 11:29 AM

I was thinking maybe you could try running the fix again and see if you can notice which folder it goes into



#10 denno


Posted 17 December 2021 - 11:52 AM

I've got it asking me where to save downloads.
Ran the fix and here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by miekro s dallallio (17-12-2021 12:35:04) Run:3
Running from C:\Users\miekro s dallallio\Desktop
Loaded Profiles: miekro s dallallio
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {C57449B1-EB23-44E9-8DC3-AF9BD35B051C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe (No File)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S2 DpmLiteDrv; \??\c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [X]
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => -> No File
FirewallRules: [{9D66BC9F-67DA-41CC-B841-38F5A2FBE56C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{4B47F0FE-806F-4567-9D9A-4A205286F616}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C91E2FAE-75D1-4F73-93F9-40CA74B0F9C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1E508C2E-503D-482C-915A-DF5EBF2DCBDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F63832DC-F23D-4F23-AA6D-A266DF6D42F8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E47F4770-1172-4B6F-A015-D1D492ECFE3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3F24D146-FFF9-40C7-8BAF-79C5FAD11487}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E80AF6DE-FCF3-42A3-8264-EF87A0E82A1F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57449B1-EB23-44E9-8DC3-AF9BD35B051C}" => not found
"C:\WINDOWS\System32\Tasks\PCDEventLauncherTask" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => not found
HKLM\System\CurrentControlSet\Services\DBUtilDrv2 => removed successfully
DBUtilDrv2 => service removed successfully
DpmLiteDrv => service not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\RecuvaShellExt => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D66BC9F-67DA-41CC-B841-38F5A2FBE56C}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B47F0FE-806F-4567-9D9A-4A205286F616}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C91E2FAE-75D1-4F73-93F9-40CA74B0F9C3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E508C2E-503D-482C-915A-DF5EBF2DCBDA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F63832DC-F23D-4F23-AA6D-A266DF6D42F8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E47F4770-1172-4B6F-A015-D1D492ECFE3F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F24D146-FFF9-40C7-8BAF-79C5FAD11487}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E80AF6DE-FCF3-42A3-8264-EF87A0E82A1F}" => not found

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpCopyAccelerator.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27444316 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 948 B
Edge => 0 B
Chrome => 0 B
Firefox => 333729088 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5092 B
miekro s dallallio => 955324 B

RecycleBin => 2019328 B
EmptyTemp: => 347.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:37:12 ====

Now....as to the AdwCleaner tool, it just demonstrates my solid gold conviction that any set of instructions I receive anywhere about software will not agree with what I see.
Lessee...opened it, ran it;  it found 2 PUPS.  But it didn't show a Repair and Clean button.  Just "Next."  That went to a page asking me what preinstalled software I wanted to quarantine.

This goes instantly over my paygrade!

I should likely tell you that though our first computer was a Commodore 64, I am still an uninventive user and stuff like the above stymies me.  I do thank you for your patience.  I sometimes need instructions on the Dick and Jane reading level.



#11 denno

Posted 17 December 2021 - 12:41 PM

Bulletin:  Download folder now opening as it ought to.



#12 Juliet

Posted 18 December 2021 - 07:51 AM

OK, let me see if I can clear up a couple of things.

The Farbar tool ran as expected.

If it's asking you where you want to save logs/files while working on your machine, please choose Desktop so the log can be easily found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To help you find files and folders a bit easier let's try this:
Press Windows Key + S and type File Explorer.
Choose File Explorer Options from the list. When File Explorer Options window opens, go to View tab.
Locate Hidden files and folders option and select Show hidden files, folders, and drives.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

For AdwCleaner, there has been an update since I had used it last.
And what you described of what it found doesn't really sound malicious.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check all boxes and then click Quarantine
  • Click Next
  • If any pre-installed software was found on your machine, a prompt window will open ...
  • Click OK to close it
  • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
  • Click Quarantine
  • A prompt to save your work will appear ...
  • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
  • Click Restart Now
  • Once your computer has restarted ...
  • If it doesn't open automatically, please start AdwCleaner ...
  • Click the Log Files tab ...
  • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
     
  • Please post the contents of the file in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEXT**

This is a known respected tool. It will scan for viruses as well as for potentially unwanted applications. ( P U A or P U P ).

I would suggest a free scan with the ESET Online Scanner.

Go to https://download.ese...linescanner.exe



It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.


When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan
Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from the machine & let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked View detected results.
Click the blue Save scan log to save the log.
If something was removed and you know it is a false finding, you may click on the blue Restore cleaned files ( in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for periodic scanning.

Please make sure you attach the log report.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#13 denno

Posted 19 December 2021 - 12:27 PM

Thank you.  I'll get this done tonight or tomorrow.



#14 Juliet

Posted 20 December 2021 - 07:17 AM

:thumbup:



#15 denno

Posted 25 December 2021 - 10:06 AM

Well, I'm sure it's tonight or tomorrow somewhere!

Yeah, the ESET scan did take an hour or more.

(So, question, is that itself an indicator of things running slowly?)

A quick question outside this issue-----friend of mine got her email address book hacked (I guess) and someone is sending out a money scam in her name.  Do you know where she should look for help?

Thanks, and have some holiday!

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-24-2021
# Duration: 00:00:09
# OS:       Windows 10 Home
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3454 octets] - [18/04/2021 21:46:39]
AdwCleaner[C00].txt - [4178 octets] - [18/04/2021 21:57:43]
AdwCleaner[S01].txt - [2712 octets] - [17/12/2021 12:22:31]
AdwCleaner[S02].txt - [2773 octets] - [24/12/2021 20:24:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

=====================================================================================================

12/25/2021 10:33:36 AM
Files scanned: 791634
Detected files: 2
Cleaned files: 2
Total scan time 08:06:57
Scan status: Finished
C:\Users\miekro s dallallio\Documents\My Sites\S&P\httpdocs\index.htm    JS/Tivso.Gen trojan    cleaned by deleting

C:\Users\miekro s dallallio\Documents\My Sites\S&P\httpdocs\schedule.htm    JS/Tivso.Gen trojan    cleaned by deleting
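
Added example, not part of the thread and not Malwarebytes code: a small Python reader for the AdwCleaner clean-log format posted above. It picks the latest clean log by its [C##] number, as the instructions in post #12 describe, and checks the header counters against the entries listed in the body; the sample text is abridged from the posted log, and the rule that the Cleaned count should equal the number of Deleted lines is an assumption of this example.

```python
import re

# Abridged from the AdwCleaner[C02].txt log posted above (sections trimmed).
SAMPLE_LOG = r"""# Malwarebytes AdwCleaner 8.3.1.0
# Mode: Clean
# Cleaned:  2
# Failed:   0

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
***** [ Registry ] *****
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1

AdwCleaner[S02].txt - [2773 octets] - [24/12/2021 20:24:44]
"""

# Log names listed at the end of that log, plus the clean log itself.
SAMPLE_FILES = ["AdwCleaner[S00].txt", "AdwCleaner[C00].txt", "AdwCleaner[S01].txt",
                "AdwCleaner[S02].txt", "AdwCleaner[C02].txt"]

def latest_clean_log(names):
    """Return the [C##] log with the largest number (numeric, so C10 > C9)."""
    numbered = []
    for name in names:
        m = re.fullmatch(r"AdwCleaner\[C(\d+)\]\.txt", name)
        if m:
            numbered.append((int(m.group(1)), name))
    return max(numbered)[1] if numbered else None

def parse_clean_log(text):
    """Split a clean log into header fields and per-section 'Deleted' targets."""
    header, deleted, section = {}, {}, None
    for line in text.splitlines():
        if m := re.match(r"#\s*(\w+):\s+(.+)", line):
            header[m.group(1)] = m.group(2).strip()
        elif m := re.match(r"\*{5} \[ (.+) \] \*{5}", line):
            section = m.group(1)
        elif section and (m := re.match(r"Deleted\s{2,}(.+)", line)):
            deleted.setdefault(section, []).append(m.group(1).strip())
    return header, deleted

def summarize(text):
    """Compare header counters with the entries listed in the body."""
    header, deleted = parse_clean_log(text)
    listed = sum(len(items) for items in deleted.values())
    # Assumption of this example: 'Cleaned' should equal the 'Deleted' lines.
    return {"mode": header.get("Mode"), "failed": int(header.get("Failed", 0)),
            "listed": listed, "counts_match": listed == int(header.get("Cleaned", -1))}
```

Clean-log numbers can skip (the list above has C00 and C02 but no C01), which is why the selection compares the numbers rather than counting files.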




 

