My computer is an older computer that has become brutally slow with a myriad of pop-ups. The pop-ups are from a variety of anti-virus and anti-malware companies claiming that my computer has been compromised. Any help would be appreciated.
Below is from the FRST scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.03.2024 01
Ran by Andrew (administrator) on PC-DOWNSTAIRS (Dell Inc. XPS 8700) (23-03-2024 16:11:18)
Running from C:\Users\Andrew\Downloads\FRST64.exe
Loaded Profiles: Andrew
Platform: Microsoft Windows 10 Home Version 22H2 19045.4170 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Amazon.com Services LLC -> Amazon.com Inc.) C:\Users\Andrew\AppData\Local\Amazon Drive\AmazonPhotos.exe
(C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe ->) (Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ui\updateui.exe
(C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <2>
(Dropbox, Inc -> ) C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(explorer.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsload.exe
(explorer.exe ->) (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(explorer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\24.045.0303.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(msiexec.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
(msiexec.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\Fusion Studio 1.2\GoProFusionDeviceDetection.exe
(services.exe ->) (GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Services Manager -> ) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe <2>
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-09-18] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-12] (GoPro, Inc. -> )
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM\...\RunOnce: [!BCILauncher] => C:\WINDOWS\Temp\MUBSTemp\BCILauncher.EXE [18480 2024-03-23] (Microsoft Corporation -> ) <==== ATTENTION
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30919232 2019-03-19] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\Run: [Amazon Photos] => C:\Users\Andrew\AppData\Local\Amazon Drive\AmazonPhotos.exe [11396720 2024-03-08] (Amazon.com Services LLC -> Amazon.com Inc.)
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\Run: [MicrosoftEdgeAutoLaunch_F1673E5ED4C265388CE34C24EEBD84A5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060712 2024-03-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" [66946080 2024-03-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\RunOnce: [Uninstall 24.040.0225.0003\i386] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\24.040.0225.0003\i386" [0 2024-03-13] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\RunOnce: [Uninstall 24.040.0225.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\24.040.0225.0003" [0 2024-03-23] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp170: C:\Windows\System32\spool\prtprocs\x64\hpcpp170.dll [610080 2014-06-17] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp175: C:\Windows\System32\spool\prtprocs\x64\hpcpp175.dll [617712 2014-11-20] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp180: C:\Windows\System32\spool\prtprocs\x64\hpcpp180.dll [647408 2015-08-18] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [126704 2015-08-18] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPMLM135: C:\WINDOWS\system32\hpmlm135.dll [237344 2014-06-17] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\HPMLM180: C:\WINDOWS\system32\hpmlm180.dll [309488 2015-08-18] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.58\Installer\chrmstp.exe [2024-03-23] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwCP.dll [2014-06-03] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-06-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NetScaler Gateway.lnk [2020-12-18]
ShortcutTarget: NetScaler Gateway.lnk -> C:\Program Files\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {BFAF5BC1-7007-46A3-854F-40779D7FF3BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {8D65079F-FF32-4994-AABE-EA516FD2046C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {CBAAE2F5-D401-4DE1-962D-793318B85051} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {F255D1A4-505C-43DC-8A47-3FD5EC265EA9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {872B19F5-359E-4CF9-BC7D-D8199426FB14} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [739168 2023-10-09] (Dell Inc -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {F30A3CDC-5362-4722-AF5D-F55FA4850F18} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc) -> C:\Program Files (x86)\Dell Product Registration\\/boot /LSRC=autolaunch
Task: {248C5E2E-1CFB-4D23-BBB2-D7F64955D779} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc) -> C:\Program Files (x86)\Dell Product Registration\\/updatecheck /LSRC=autolaunch
Task: {8524BD3F-A9D5-483D-9E14-29B562AF6EDC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2019-03-19] (Garmin International, Inc. -> )
Task: {57356ED9-2C4A-4A5B-B8B2-EF8F48F7F418} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6342.2{589F98FE-A62E-4960-AF5D-C712D246E1EC} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6342.2\updater.exe [4721952 2024-03-06] (Google LLC -> Google LLC)
Task: {92976BF5-B056-4368-A981-29E934F51DCC} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6359.0{5F9003A0-3740-48A5-8534-D4D0A2ABB066} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
Task: {A4E89E72-7F0E-4EFB-8F1E-CBAAD962416C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-17] (Intel® Services Manager -> )
Task: {6A81C1D2-C4F7-41C7-8EAB-3FDF82902DB9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-17] (Intel® Services Manager -> )
Task: {29E38095-22AB-4159-B9B3-9CF8953B3DEA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A38A741-6A69-4FAE-9CC1-E809B2EA7086} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F6588EF-3E12-4FC9-AE03-A2EA034F80BA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [220608 2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBBCEB6F-29B9-41DD-AD5C-12CE8FFFF487} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [220608 2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {46B67F2A-FAD5-4250-9697-A39B12665C05} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [342736 2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {216CC944-7763-4E79-89E9-0E8FF8341620} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {EB30FEDE-01F4-45D3-8E57-4AADE39E7AC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9CBDC728-95D1-4E10-B437-65F4ECDA7FA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82597A6D-D590-4807-B389-6D5958C4D6F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC283EC1-2D27-4BD7-A684-7DA8768EFB4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.116
Tcpip\..\Interfaces\{3f3b97c2-85a3-4699-8b87-57a1f17bf68d}: [DhcpNameServer] 192.168.1.254 75.153.171.116
Tcpip\..\Interfaces\{594608cd-eadf-4a04-a0f2-5054ac193a5c}: [DhcpNameServer] 192.168.1.254 75.153.171.116
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-23]
Edge DownloadDir: Default -> C:\Users\Andrew\Downloads
Edge Notifications: Default -> hxxps://chat.telus.com; hxxps://mail.google.com; hxxps://telus.techsee.me; hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxps://google.com/"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-03-23]
Edge Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-23]
Edge Extension: (Edge relevant text changes) - C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-04-12]
Edge Profile: C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-02-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-01-28]
Edge Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-25]
Edge Extension: (Edge relevant text changes) - C:\Users\Andrew\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
FireFox:
========
FF Plugin: @Citrix.com/npagee64,version=11.1.63.15 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll [2020-01-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Citrix.com/npagee,version=11.1.63.15 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2020-01-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrew\AppData\Roaming\mozilla\plugins\npagee.dll [2020-12-18]
FF Plugin ProgramFiles/Appdata: C:\Users\Andrew\AppData\Roaming\mozilla\plugins\npagee64.dll [2020-12-18]
Chrome:
=======
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-09]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-03-23]
CHR Notifications: Profile 4 -> hxxps://alanxelsys.com; hxxps://mail.google.com
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-23]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-07]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 5 [2023-04-04]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-04]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-10]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 8 [2023-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-05-08]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 9 [2023-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-31]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-31]
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-09]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14097992 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-06-02] (Dell Inc -> )
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.)
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
S2 GoogleUpdaterInternalService124.0.6342.2; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6342.2\updater.exe [4721952 2024-03-06] (Google LLC -> Google LLC)
S2 GoogleUpdaterInternalService124.0.6359.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
S2 GoogleUpdaterService124.0.6342.2; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6342.2\updater.exe [4721952 2024-03-06] (Google LLC -> Google LLC)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] (GoPro, Inc. -> )
R2 GoProFusionDeviceDetectionService; C:\Program Files\GoPro\Fusion Studio 1.2\GoProFusionDeviceDetection.exe [41872 2018-05-31] (GoPro Media, Inc. -> )
R3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-01-17] (Intel® Services Manager -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-06] (Malwarebytes Inc. -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [223656 2020-01-16] (Citrix Systems, Inc. -> Citrix Systems, Inc)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink Corp. -> CyberLink)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160608 2023-10-09] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [112616 2017-06-13] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R3 ctxva51; C:\WINDOWS\System32\drivers\ctxva51.sys [47720 2020-01-16] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 DNE; C:\WINDOWS\system32\DRIVERS\dnelwf64.sys [327976 2015-10-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R3 HPEWSFXBULK; C:\WINDOWS\system32\drivers\hpfx64bulk.sys [20504 2009-02-25] (Hewlett-Packard Company -> Hewlett Packard)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NVHDA; C:\WINDOWS\system32\drivers\nvhda64v.sys [138568 2021-08-19] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20928 2024-03-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [603416 2024-03-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-13] (Microsoft Windows -> Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-03-23 16:11 - 2024-03-23 16:16 - 000034196 _____ C:\Users\Andrew\Downloads\FRST.txt
2024-03-23 16:06 - 2024-03-23 16:07 - 002391552 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2024-03-23 16:06 - 2024-03-23 16:06 - 002090496 _____ (Farbar) C:\Users\Andrew\Downloads\Unconfirmed 775258.crdownload
2024-03-23 15:40 - 2024-03-23 15:40 - 000001228 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Photos.lnk
2024-03-23 15:40 - 2024-03-23 15:40 - 000000000 ____D C:\Users\Andrew\AppData\Local\Amazon Drive
2024-03-13 22:33 - 2024-03-13 22:33 - 000019530 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-13 22:31 - 2024-03-13 22:31 - 000019530 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-13 21:31 - 2024-03-13 21:31 - 000000000 ___HD C:\$WinREAgent
2024-03-10 21:02 - 2024-03-10 21:02 - 000173541 _____ C:\Users\Andrew\Desktop\Langley_2023_copy.pdf
2024-03-10 17:34 - 2024-03-10 17:34 - 000001963 _____ C:\Users\Public\Desktop\TurboTax Canada 2023.lnk
2024-03-10 17:32 - 2024-03-10 17:47 - 000000000 ____D C:\Program Files (x86)\TurboTax 2023
2024-02-28 20:00 - 2024-02-28 20:00 - 000026724 _____ C:\Users\Andrew\Desktop\Donald - Extendicare Tax Receipt.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-03-23 16:15 - 2022-08-30 08:48 - 000000000 ____D C:\FRST
2024-03-23 16:15 - 2015-06-07 02:16 - 000000000 ___RD C:\Users\Andrew\OneDrive
2024-03-23 16:10 - 2021-11-07 11:39 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-03-23 16:10 - 2015-06-07 13:48 - 000000000 ____D C:\Users\Andrew\Documents\Outlook Files
2024-03-23 16:07 - 2022-10-13 19:47 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-03-23 16:07 - 2022-10-13 19:47 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-03-23 16:05 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-23 15:59 - 2023-12-13 11:07 - 000002388 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-23 15:59 - 2023-07-20 21:20 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4210094547-1222425090-1366728247-1001
2024-03-23 15:59 - 2021-12-11 22:31 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4210094547-1222425090-1366728247-1001
2024-03-23 15:51 - 2015-09-28 19:01 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Word
2024-03-23 15:49 - 2021-04-18 09:53 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-23 15:49 - 2021-04-18 09:53 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-23 15:46 - 2021-09-12 09:42 - 000001238 _____ C:\Users\Andrew\Desktop\Amazon Backup.lnk
2024-03-23 15:44 - 2021-12-16 00:52 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-03-23 15:44 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-23 15:44 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-23 15:44 - 2015-09-28 19:04 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Excel
2024-03-23 15:41 - 2022-11-13 12:54 - 000000000 ____D C:\Program Files\RUXIM
2024-03-23 15:26 - 2023-05-23 18:51 - 000000000 ____D C:\Users\Andrew\AppData\Local\Malwarebytes
2024-03-23 15:26 - 2020-12-18 03:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-03-16 17:38 - 2020-06-17 22:16 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-16 17:38 - 2020-06-17 22:16 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-03-13 23:24 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-13 23:21 - 2020-12-18 04:15 - 000792758 _____ C:\WINDOWS\system32\perfh00C.dat
2024-03-13 23:21 - 2020-12-18 04:15 - 000151678 _____ C:\WINDOWS\system32\perfc00C.dat
2024-03-13 23:21 - 2020-12-18 04:11 - 001769438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-13 23:20 - 2017-08-23 00:46 - 000000000 ____D C:\ProgramData\NVIDIA
2024-03-13 23:20 - 2015-02-15 07:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-03-13 23:18 - 2020-12-18 04:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-13 23:18 - 2020-12-18 03:53 - 000550160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-03-13 23:18 - 2020-12-18 03:53 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-13 23:17 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-03-13 23:15 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-13 23:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-03-13 23:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-03-13 23:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-03-13 23:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-03-13 23:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-13 23:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-03-13 23:15 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2024-03-13 22:48 - 2018-01-21 20:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-03-13 22:47 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-13 22:31 - 2020-12-18 03:56 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-03-13 20:44 - 2015-09-29 19:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-03-13 20:26 - 2015-09-29 19:21 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-03-13 20:16 - 2017-02-08 16:06 - 000000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2024-03-10 21:02 - 2023-04-30 21:21 - 000000518 _____ C:\Users\Andrew\Desktop\readme.txt
2024-03-10 20:52 - 2015-06-23 22:07 - 000000000 ____D C:\Users\Andrew\Documents\TurboTax
2024-03-10 17:35 - 2015-11-25 22:07 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Intuit Canada
2024-03-10 17:34 - 2015-11-25 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax
2024-03-10 17:22 - 2015-11-25 22:07 - 000000000 ____D C:\ProgramData\Intuit Canada
2024-03-10 17:13 - 2020-12-18 04:21 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-10 17:13 - 2020-12-18 04:21 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
==================== Files in the root of some directories ========
2015-11-24 19:56 - 2015-11-24 19:56 - 000000017 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
And from the addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.03.2024 01
Ran by Andrew (23-03-2024 16:20:36)
Running from C:\Users\Andrew\Downloads
Microsoft Windows 10 Home Version 22H2 19045.4170 (X64) (2020-12-18 10:22:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4210094547-1222425090-1366728247-500 - Administrator - Disabled) => C:\Users\Administrator
Andrew (S-1-5-21-4210094547-1222425090-1366728247-1001 - Administrator - Enabled) => C:\Users\Andrew
DefaultAccount (S-1-5-21-4210094547-1222425090-1366728247-503 - Limited - Disabled)
Guest (S-1-5-21-4210094547-1222425090-1366728247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4210094547-1222425090-1366728247-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4210094547-1222425090-1366728247-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.001.20615 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Photos (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\Amazon Photos) (Version: 9.3.0 - Amazon.com, Inc.)
ANT Drivers Installer x64 (HKLM\...\{6AE0802A-390F-4A82-B58B-A7F37F1FD82E}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{79899C6B-E315-4A3F-8904-02DEAB8D660D}) (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (HKLM\...\{B6DF7031-2843-44FD-9CAB-DECAB4257456}) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (HKLM\...\{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CyberLink LabelPrint 2.5 (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.3214 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3123 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.3126 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3205.55 - CyberLink Corp.) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\{DB6164FC-CD98-471C-BD5B-5B14CAFA3186}) (Version: 3.14.2.45116 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{0B884FA0-BBEE-4573-B696-426AA39ED913}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2600102a-dac2-4b2a-8257-df60c573fc29}) (Version: 5.5.7.18773 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.1.3 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.227 - Dell Inc.)
Elevated Installer (HKLM-x32\...\{486DCE02-1FB0-4962-9CB3-4265F2D49126}) (Version: 6.13.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{A05A8CFE-F458-4731-BD47-01C675E8944C}) (Version: 6.13.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{b347cf7c-d07d-417b-b26a-8d6a851f696d}) (Version: 6.13.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.58 - Google LLC)
GoPro (HKLM\...\{1E92618C-EB66-4C4C-9F45-93EC6EF53273}) (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Fusion Studio 1.2 (HKLM\...\Fusion Studio 1.2) (Version: V1.2.1 - GoPro)
GoPro Studio (HKLM-x32\...\{99502BF0-655A-425D-8754-9EEC557D3D73}) (Version: 5.9.2733 - GoPro, Inc.) Hidden
GoPro VR Player 3.0 (HKLM\...\GoPro VR Player 3.0) (Version: V3.0.5 - GoPro)
Intel® Chipset Device Software (HKLM\...\{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A}) (Version: 10.0.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{0FE18988-DE59-46FB-9EE7-D40DA5E98FEA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{C2A1F9AE-5E6B-4021-B1BA-72711EC5E558}) (Version: 10.0.0.1168 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}) (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{3DE97849-544D-4D68-9255-11DF6F9F10D8}) (Version: 1.35.127.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Malwarebytes version 4.6.9.314 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.9.314 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.20 (x64) (HKLM\...\{217B2755-3BAD-486B-9606-CCD0E6CF3BE8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x64) (HKLM\...\{76FA02FF-603F-48BB-9E3F-17ED5DB861E8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM\...\{6CE8AD8C-E6D5-4BF7-91C3-7F8106A5CD93}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM-x32\...\{403b0cfe-5969-462d-8eb2-aafde344360e}) (Version: 6.0.20.32620 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17328.20184 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\OneDriveSetup.exe) (Version: 24.045.0303.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{90120064-0070-0000-0000-4000000FF1CE}) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{90F60409-7000-11D3-8CFE-0150048383C9}) (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212 (HKLM\...\{F20396E5-D84E-3505-A7A8-7358F0155F6C}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212 (HKLM\...\{FAAD7243-0141-3987-AA2F-E56B20F80E41}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
NetScaler Gateway Plug-in (HKLM\...\{DFC1D74E-A39C-4CC6-9ABD-EE3063285416}) (Version: 11.1.63.15 - Citrix Systems, Inc.)
NVIDIA Graphics Driver 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17328.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
searcharchiver (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\searcharchiver) (Version: 1.0 - searcharchiver)
TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2015 (HKLM-x32\...\{2A42456E-B15D-492F-B99A-53C5ABD77EC0}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2016 (HKLM-x32\...\{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2017 (HKLM-x32\...\{F06C8BF3-97D1-4C3C-B667-29DFB9AC5DAC}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2018 (HKLM-x32\...\{A44A24D7-CC5A-4C02-A702-F112B47089A9}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2020 (HKLM-x32\...\{678D19A3-4C38-484F-A389-CB9585E34984}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2021 (HKLM-x32\...\{A770770F-2313-48A2-A041-57368944D0FC}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2021 (HKLM-x32\...\{D600ACFE-A46E-48A5-B9B4-52DAE0C55DF0}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2022 (HKLM-x32\...\{1912665A-30D4-4440-A9B2-B2EB7A6DA164}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2023 (HKLM-x32\...\{9A419B01-4198-4EF0-A01F-D807108C50E2}) (Version: 1.00.0000 - Intuit Canada)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{E1D7CB46-BAE9-4D58-99C4-582332B1755A}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
VFW_Codec32 (HKLM-x32\...\{4275850F-4E2E-4F60-9E73-8BD8F70891D3}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{7010885D-3378-4C9B-B330-88271728EDE5}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9800 - Broadcom Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
ZipRarArchiver (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\ZipRarArchiver) (Version: 1.0 - ZipRarArchiver)
Zoom (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\ZoomUMX) (Version: 5.2.1 (44052.0816) - Zoom Video Communications, Inc.)
Chrome apps:
============
Docs (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\959c4c028269b4bc37cd1d7e0912491c) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\0f180356f20bcfef270f08ca9317891f) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\b16cf1e749999c7214ac17c747b19fe0) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\5c68ff27902b4cf26088627a2cddb21a) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\a093cc97fc02493e94f497cf4a7c597c) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\...\468088bfad98e6bf9063564a9379c065) (Version: 1.0 - Google\Chrome)
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-03-23] ()
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-18] (Amazon.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.263.400.0_x64__kgqvnymyfvs32 [2024-03-16] (king.com)
Cut Paste Photo Edit -> C:\Program Files\WindowsApps\22546Cidade.CutPastePhotoEdit_3.0.9.0_x64__cjt5542sbwgmj [2022-08-05] (Cidade)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-28] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.13.0_x64__htrsf667h5kn2 [2024-02-15] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.20.3368.0_x64__rz1tebttyb220 [2024-02-26] (Dolby Laboratories)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-30] (Flipboard)
Font Candy - Typography Photo Editor -> C:\Program Files\WindowsApps\EasyTigerApps.FontCandy_3.0.1.10_x64__dgwy3a3h02hc6 [2017-10-23] (EasyTigerApps) [MS Ad]
GoPro MAX Exporter -> C:\Program Files\WindowsApps\GoPro.GoProMAXExporter_1.9.4.0_x64__1h9vz9xjm6b8c [2020-08-09] (GoPro)
Halo -> C:\Program Files\WindowsApps\Microsoft.Tomp_1.0.4723.0_x64__8wekyb3d8bbwe [2017-05-23] (Microsoft Studios)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-16] (HP Inc.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
McAfee® Central for Dell -> C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_5.0.167.1_x64__n49tcsmxt2t2c [2018-03-27] (McAfee Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2402.13001.0_x64__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [Startup Task]
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.20.6201.0_x64__8wekyb3d8bbwe [2024-02-20] (Microsoft Studios)
Movie Edit Touch -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieEditTouch2_4.36.71.0_x64__awcgk3qbzve1y [2016-02-29] (MAGIX Software GmbH)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
Photo Editor Live -> C:\Program Files\WindowsApps\22546Cidade.PhotoEditorLive_1.1.0.1_x86__cjt5542sbwgmj [2016-01-30] (Cidade) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation)
Recording Studio -> C:\Program Files\WindowsApps\60708Glauco.RecordingStudio_34.5.0.0_x64__7fjyrzpehcxhr [2017-06-12] (Glauco) [MS Ad]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-20] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0 [2024-03-16] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4210094547-1222425090-1366728247-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4210094547-1222425090-1366728247-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2014-06-04] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2014-06-04] (SoftThinks -> )
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-07-12] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.CFHD] => C:\WINDOWS\system32\CFHD.dll [1334784 2016-05-12] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\SysWOW64\CFHD.dll [1119744 2016-05-12] (CineForm Inc.) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Andrew\Desktop\Andrew (telusplanet.net) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 9" --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 9" --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 9" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 9" --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 9" --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 9" --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Andrew (telusplanet.net) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
==================== Loaded Modules (Whitelisted) =============
2017-04-18 05:45 - 2017-04-18 05:45 - 001227264 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2019-03-19 15:25 - 2019-03-19 15:25 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 067109376 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2024-03-08 16:08 - 2024-03-08 16:08 - 000799744 _____ () [File not signed] C:\Users\Andrew\AppData\Local\Amazon Drive\sqlite3.dll
2019-03-19 15:25 - 2019-03-19 15:25 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2019-03-19 15:27 - 2019-03-19 15:27 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2019-03-19 15:25 - 2019-03-19 15:25 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2019-03-19 15:25 - 2019-03-19 15:25 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2013-08-07 16:24 - 2013-08-07 16:24 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2013-08-07 16:24 - 2013-08-07 16:24 - 000514048 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2020-04-19 09:34 - 2020-04-19 09:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2015-09-28 18:30 - 2022-08-11 17:29 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2020-04-19 09:34 - 2020-04-19 09:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2016-01-29 11:51 - 2021-05-22 20:35 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\c2r64.dll
2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2020-11-11 20:57 - 2020-11-11 20:57 - 000537088 _____ (NHibernate.info) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll
2024-03-08 16:08 - 2024-03-08 16:08 - 000125952 _____ (Robert Vazan) [File not signed] C:\Users\Andrew\AppData\Local\Amazon Drive\crc32c.dll
2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2019-03-19 15:25 - 2019-03-19 15:25 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 000434176 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-4210094547-1222425090-1366728247-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-4210094547-1222425090-1366728247-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-4210094547-1222425090-1366728247-1001 -> DefaultScope {83907E20-E373-4656-8B43-E566B348F1B3} URL =
SearchScopes: HKU\S-1-5-21-4210094547-1222425090-1366728247-1001 -> {83907E20-E373-4656-8B43-E566B348F1B3} URL =
SearchScopes: HKU\S-1-5-21-4210094547-1222425090-1366728247-500 -> DefaultScope {83907E20-E373-4656-8B43-E566B348F1B3} URL =
SearchScopes: HKU\S-1-5-21-4210094547-1222425090-1366728247-500 -> {83907E20-E373-4656-8B43-E566B348F1B3} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll [2014-11-22] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll [2015-11-23] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2016-11-23] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2017 - {1215626F-14CA-4AA9-AE16-F7CBD13A3F3F} - C:\Program Files (x86)\TurboTax 2017\ic2017pp.dll [2018-04-13] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2018 - {c10cb859-8e11-44f1-833b-68a8e1ed7e1d} - C:\Program Files (x86)\TurboTax 2018\ic2018pp.dll [2019-04-13] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2020 - {BA9B9DDA-C208-4938-90D6-0FAB2903CECE} - C:\Program Files (x86)\TurboTax 2020\ic2020pp.dll [2021-04-01] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2021 - {B60E21DC-FB86-424A-BAA3-54B06685E3E7} - C:\Program Files (x86)\TurboTax 2021\ic2021pp.dll [2022-05-16] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2022 - {A1D08E43-AD6A-4092-8541-B7EFB3E60EC5} - C:\Program Files (x86)\TurboTax 2022\ic2022pp.dll [2023-05-10] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2023 - {84609304-3DF2-4FFD-B10F-5C0E643A4745} - C:\Program Files (x86)\TurboTax 2023\ic2023pp.dll [2024-02-28] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Dell\DW WLAN Card;;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-4210094547-1222425090-1366728247-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-4210094547-1222425090-1366728247-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254 - 75.153.171.116
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: DNE LightWeight Filter -> dni_dne (enabled)
Ethernet: DNE LightWeight Filter -> dni_dne (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5E55657C-AC5B-4C23-8F40-E3BA9344D119}] => (Allow) C:\Users\Andrew\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E6D7E9DE-4FCD-42EA-9CF8-E6F57173D743}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{6527391A-1693-464A-BE37-1A7AABC333D2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7699A53E-8783-404A-AA44-FC4481FC2BC6}] => (Allow) C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4D085B1D-06C6-4FA9-832A-4C89635436D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFEA359B-4F71-4F73-A08F-BF89B04100E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{03D5F354-6B8B-498F-9E6F-C920B2BDECCB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{301A9A66-42E0-4ED6-AEB7-6F72088A3C51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BCC9E05-20DA-430F-B2F5-FC63714A5809}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2EE00620-FDBD-4B5C-BB80-B1CC32F7477B}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{B74CC7D1-9BD5-468C-BA94-EA3260971B26}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [TCP Query User{3D91FAA8-BFF0-462D-922F-B39FFA946F34}C:\program files\citrix\secure access client\nsload.exe] => (Allow) C:\program files\citrix\secure access client\nsload.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [UDP Query User{D25DE8BD-11D3-4046-8D27-5C148C75642B}C:\program files\citrix\secure access client\nsload.exe] => (Allow) C:\program files\citrix\secure access client\nsload.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{B9683B4D-5448-4EC8-BEF0-5ECCE13B76CA}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe (GoPro, Inc. -> )
FirewallRules: [{CF54391A-81DF-4380-8C00-CB145BB46E49}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{B1F4FCAD-48B0-4C05-80CF-8F5B6398BC2C}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{B4276212-6FBF-496A-95AC-4850EDC61050}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{6D69F257-754C-4FDA-B9E8-7B469B28FE3C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{35ABD0E9-E8BC-44DA-BE4F-D8AAB5C46461}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DB5CD0D9-DA7F-4643-A236-A1CE98484AF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7A77638B-CC4C-4722-99C4-D7FAC08DCDD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D79031BF-F6E0-476C-9797-259F23A09154}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{03CF12E3-3282-4F19-93DF-7B70F30CCE12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D753095C-6C2A-4317-B1AE-495A704C9860}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C94472E9-7386-4EBD-82FB-99AD6C4C9982}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{081E6691-9938-4C00-9040-8F1D91B987B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{ED4B7428-0691-4C3B-AC29-734BCB36CA71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BB9027AB-FC1A-43B1-9263-9EE196686C5C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6231DFED-0A2D-4B81-9F8B-FFD173C7D90D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EFDBBCDA-1DF0-4BA2-B2B2-7AED7E618FC3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{759E519B-BF15-4A57-BABD-4269A8DD2F2A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{54FD47D7-421F-46DB-A285-7D0DBA55F395}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D7ABB52-AF47-4B03-8880-F235BE26DEE5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FA0D8F94-73F2-49FF-BE20-8FBB0AE90D1B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
10-03-2024 17:22:29 Installed TurboTax / TurboImpôt 2023.
13-03-2024 21:27:18 Windows Modules Installer
13-03-2024 21:50:00 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/23/2024 03:45:57 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: PC-DOWNSTAIRS)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (03/23/2024 03:45:56 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: PC-DOWNSTAIRS)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (03/23/2024 03:43:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.4170 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 878
Start Time: 01da7d6a979dca5b
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 430d2b9b-7819-4290-b7e3-3da370475f81
Faulting package full name: Microsoft.Windows.Search_1.14.13.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Cross-thread
Error: (03/13/2024 08:52:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.3758 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 14c8
Start Time: 01da6ab5e42c23fc
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: bf416325-5594-4fa6-a797-cb89b760e040
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.3636_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (03/13/2024 08:44:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname PC-Downstairs.local already in use; will try PC-Downstairs-2.local instead
Error: (03/13/2024 08:44:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 PC-Downstairs.local. Addr 169.254.214.139
Error: (03/13/2024 08:44:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:0E4E:3A2F:2954:7FEB:5353 4 PC-Downstairs.local. Addr 192.168.1.74
Error: (03/13/2024 08:44:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 PC-Downstairs.local. AAAA FE80:0000:0000:0000:0E4E:3A2F:2954:7FEB
System errors:
=============
Error: (03/23/2024 03:41:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {571B18B0-BBFD-5B29-ABBC-7133187B2DFB} did not register with DCOM within the required timeout.
Error: (03/23/2024 03:41:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The GoogleUpdater InternalService 124.0.6359.0 (GoogleUpdaterInternalService124.0.6359.0) service terminated with the following service-specific error:
Incorrect function.
Error: (03/23/2024 03:37:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {571B18B0-BBFD-5B29-ABBC-7133187B2DFB} did not register with DCOM within the required timeout.
Error: (03/23/2024 03:37:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The GoogleUpdater InternalService 124.0.6359.0 (GoogleUpdaterInternalService124.0.6359.0) service terminated with the following service-specific error:
Incorrect function.
Error: (03/23/2024 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {571B18B0-BBFD-5B29-ABBC-7133187B2DFB} did not register with DCOM within the required timeout.
Error: (03/23/2024 03:35:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The GoogleUpdater InternalService 124.0.6359.0 (GoogleUpdaterInternalService124.0.6359.0) service terminated with the following service-specific error:
Incorrect function.
Error: (03/13/2024 11:15:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
Error: (03/13/2024 11:15:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
Windows Defender:
================
Date: 2024-03-23 16:20:31
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: BrowserModifier:MSIL/MediaArena
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\Andrew\Downloads\ziprar (1).exe; file:_C:\Users\Andrew\Downloads\ziprar.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Andrew\Downloads\FRST64.exe
Security intelligence Version: AV: 1.407.660.0, AS: 1.407.660.0, NIS: 1.407.660.0
Engine Version: AM: 1.1.24020.9, NIS: 1.1.24020.9
Date: 2024-03-23 16:20:30
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: BrowserModifier:MSIL/MediaArena
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\Andrew\Downloads\ziprar (1).exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Andrew\Downloads\FRST64.exe
Security intelligence Version: AV: 1.407.660.0, AS: 1.407.660.0, NIS: 1.407.660.0
Engine Version: AM: 1.1.24020.9, NIS: 1.1.24020.9
Date: 2024-03-16 18:02:42
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-10 21:11:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-04 09:11:43
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2024-03-23 15:54:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-03-23 15:54:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-03-23 15:54:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.482.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-03-13 20:32:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.253.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-03-13 20:32:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.253.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
CodeIntegrity:
===============
Date: 2024-03-13 20:08:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2023-11-16 01:48:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-10-28 00:29:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-09-27 20:23:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-08-31 16:57:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-07-24 15:08:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A09 11/22/2014
Motherboard: Dell Inc. 0KWVT8
Processor: Intel® Core i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 73%
Total physical RAM: 8143.21 MB
Available physical RAM: 2164.16 MB
Total Virtual: 9871.21 MB
Available Virtual: 1641.64 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:920.85 GB) (Free:668.67 GB) (Model: ST1000DM003-1ER162) NTFS
Drive e: (NIKON D'0S) (Removable) (Total:14.9 GB) (Free:14.63 GB) FAT32
\\?\Volume{c1624ffc-7223-4f5e-887d-35f6eb2cdb9e}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS
\\?\Volume{08595b09-0334-465b-82d0-fcf8aa0523be}\ () (Fixed) (Total:0.87 GB) (Free:0.27 GB) NTFS
\\?\Volume{1ea10e6a-33f4-460a-9210-a9c519fe755d}\ (PBR Image) (Fixed) (Total:8.4 GB) (Free:0.73 GB) NTFS
\\?\Volume{26a57479-4395-45ec-bda0-b3917a7231b9}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5D302944)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 14.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================