
new laptop, feels like it is being remotely accessed, settings changing, etc

#1 ·
I got a Dell Alienware M17 R5 AMD laptop that I was so excited for, and about a month after acquiring it, I noticed weird problems, new downloads, processes and services running that I didn't recognize or use before, so many weird issues. Examples: a bunch of my apps seemed to re-download, and their sizes were all 16.0 kb; I would change a setting, anything really, and it would snap back to its prior...setting...right away. Some processes are permanently "suspended" like Search and a few others; my laptop came with Windows 11 but I see "Windows 10" all over the place; I can't seem to change my wifi network names or pws when I try to do so; I will randomly have 6 instances of ms edge running, and ms edge webviewer, when I never use that browser - I end the processes and they either start right back up or wait a few minutes, then they are back on. There are a TON of users on my new system, stuff I would never create, names like "REMOTE INTERACTIVE LOGON", "Remote Management Users", "Service asserted identity", "TERMINAL SERVER USER", "Hyper-V Administrators", and if these are all just normal...why are they? They all make me think a network is right there, but I can't find it. What else...I had my wifi adapter turned off but I feel like the machine was still connected to some sort of network or the internet...it just seemed like it was making the same noises/cycling through the fan/having the same delays as when I would be downloading files or watching online videos or something. Anyway, I'd love to just be paranoid about this...the problem is that my old laptop, the one this replaced, crashed in December after many of the same/similar issues. I blamed its advanced age but who knows. Any help would be so amazing, thank you! Logs from FRST will be in my next post.
 
#2 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-04-2023
Ran by fredp (administrator) on DESKTOP-HKKIPON (Alienware Alienware m17 R5 AMD) (06-04-2023 19:26:10)
Running from C:\Users\fredp\OneDrive\Desktop
Loaded Profiles: fredp
Platform: Microsoft Windows 11 Home Version 22H2 22621.1485 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe ->) (EXPRSVPN LLC -> The OpenVPN Project) C:\Program Files (x86)\ExpressVPN\services\openvpn.exe
(C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe ->) (Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Background.Server.exe
(C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe ->) (Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\OCControlService\OCControl.Service.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserSessionAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\PowerOCR\PowerToys.PowerOCR.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\Settings\PowerToys.Settings.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.62\msedgewebview2.exe <6>
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ce09737aeee31fb0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> ) C:\ProgramData\Dolby\DAX3\RADARHOST\DSRHost.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ce09737aeee31fb0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\u0383439.inf_amd64_373282d24608ea94\B383240\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0383439.inf_amd64_373282d24608ea94\B383240\atieclxx.exe
(explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\fredp\AppData\Local\Google\Chrome\Application\chrome.exe <16>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0383439.inf_amd64_373282d24608ea94\B383240\atiesrxx.exe
(services.exe ->) (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.) C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\IgoAudioService_x64.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Alienware Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ce09737aeee31fb0\DAX3API.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdmegpu.inf_amd64_50940ba92eaca245\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe <3>
(sihost.exe ->) (F005DA31-7CE1-4D3E-ABEE-08A4AFF4F592 -> ) C:\Program Files\WindowsApps\dellinc.alienwareonscreendisplay_1.10.2.0_x86__htrsf667h5kn2\Win32\AlienwareOn-ScreenDisplay.exe
(svchost.exe ->) (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.) C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\iGoSwServer.exe <2>
(svchost.exe ->) (Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.sechealthui_1000.25305.1000.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21374.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21374.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.xboxgamingoverlay_5.823.1271.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.xboxgamingoverlay_5.823.1271.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.yourphone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\1.0.2302.21002-0\SecurityHealthHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe [1596792 2022-09-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [381288 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
HKLM-x32\...\Run: [I19E] => C:\WINDOWS\twain_32\Brimi19e\Common\TwDsUiLaunch.exe [85944 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3591168 2022-10-09] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3671040 2023-01-09] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\Run: [MicrosoftEdgeAutoLaunch_84F953FEB4B40174043D59B459EAF93F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\Run: [Google Update] => C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\GoogleUpdateCore.exe [230360 2023-03-30] (Google LLC -> Google LLC)
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\Run: [ExpressVPN] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [854376 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0868C196-60E4-4327-99B0-94F17E7E4059} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_fredp => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [6103432 2022-03-14] (Janos Mathe -> H.D.S. Hungary)
Task: {0C5705A0-3D7E-4151-8E76-F64D2EF215D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {17AB446C-7644-4CCD-BEC6-C87F86C53404} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1FE90F10-4DC8-4225-A8F3-EB904D5A93FF} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn
Task: {1FE90F10-4DC8-4225-A8F3-EB904D5A93FF} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {2729F51C-003C-4E67-9BFF-9050524C73BC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {27919CDE-0CD8-4096-8383-5412D45AB6E4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {3B0FF6B3-19E5-4C97-AA6D-A969648F6816} - System32\Tasks\PowerToys\Autorun for fredp => C:\Program Files\PowerToys\PowerToys.exe [1103296 2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {43DF4E4F-4607-40A2-8D6C-5D404EACEBFB} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3247745194-3029165324-3130719624-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
Task: {48752BE8-3146-4F12-9E3F-439D6B158167} - System32\Tasks\iGoAudioTask => C:\WINDOWS\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\iGoSwServer.exe [371296 2022-09-27] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
Task: {4B4D9B4C-F6C4-4AF0-8C54-50DB2961B2E5} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5CA579F3-8DD3-4AF3-8EF0-18D4AB068ED7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-02] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5DBCECCB-AFDE-4285-9340-BB6D6C0B68A8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [665952 2023-01-31] (Dell Inc -> Dell Inc.)
Task: {6476CF37-014F-4796-80A8-A6AF70344867} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3247745194-3029165324-3130719624-1001UA{5C13E383-669F-4A21-882B-FCE035D77A95} => C:\Users\fredp\AppData\Local\Google\Update\GoogleUpdate.exe [171480 2023-03-30] (Google LLC -> Google LLC)
Task: {65A25EC7-DFFC-4651-9FA0-24B3333F6276} - System32\Tasks\iGoAudioTaskSession => C:\WINDOWS\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\iGoSwServer.exe [371296 2022-09-27] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
Task: {79B73759-E18B-4E3C-BC46-5C0A6719778A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {800E6E64-B951-4AF2-981C-1E683ACFCB9E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8C7561CD-2AB8-4FC9-99D3-FEB67631CA92} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90187184-4F9C-47F3-935D-6F120623EA30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3247745194-3029165324-3130719624-1001Core{87E8B378-C78F-418C-B98F-6454B91A9922} => C:\Users\fredp\AppData\Local\Google\Update\GoogleUpdate.exe [171480 2023-03-30] (Google LLC -> Google LLC)
Task: {93F40677-88F4-4D49-8BCE-D536316889E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B3CF2F5D-24BF-428D-A634-4DC5F5CF6EC0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168880 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {B412C791-183E-4F21-88D8-02A039A30141} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE571543-1CFD-4C34-811E-22C3B81D4A82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C3C31023-B4E7-435A-86F5-D661E6FF8592} - System32\Tasks\AWCC\Update => C:\Program Files (x86)\InstallShield Installation Information\{D2DA930B-CB5D-4DD6-BF62-BE6C310A353D}\Update\IMSilentUpdate.exe [19888 2023-02-06] (Dell Inc -> )
Task: {D17368D8-8FCC-4D46-9DCD-B0DB96FF977F} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D88DD38D-82D3-4A0D-B59D-FBDE0C0E89C0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144272 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {E4548A1B-0351-4B5A-AF67-620D83C97EE2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144272 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.131.0.1
Tcpip\..\Interfaces\{1c6e5fee-2fa5-4be9-86f0-17fff26595be}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{215f2c17-614a-4fc6-80f0-54b3556e6a28}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{6bdb5fe4-356c-49dd-a681-34ee3faa2bc2}: [NameServer] 100.64.100.1
Tcpip\..\Interfaces\{9f890a1d-c7d1-4c16-8d2d-c330cd7f5500}: [DhcpNameServer] 10.131.0.1

Edge:
=======
Edge Profile: C:\Users\fredp\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-06]
Edge Extension: (Edge relevant text changes) - C:\Users\fredp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-06]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-03-30] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\fredp\AppData\Local\Google\Chrome\User Data\Default [2023-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\fredp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fredp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Alienware Digital Delivery Services; C:\Program Files (x86)\Alienware Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-11-07] (Dell Inc -> )
R2 Alienware SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2022-10-26] (Dell Inc -> Dell INC.)
R2 AWCCService; C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe [20912 2023-02-22] (Dell Inc -> Dell Technologies)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [372736 2023-01-04] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12634544 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [47320 2022-11-18] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-08-16] (Dell Inc -> Dell)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ce09737aeee31fb0\DAX3API.exe [2299944 2022-08-17] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ExpressVPN App Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe [437096 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN System Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe [437096 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN VPN Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe [437096 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [26792 2023-02-13] (Dell Inc -> Dell Inc.)
R2 IgoAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\IgoAudioService_x64.exe [35000 2022-09-27] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
S2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\\AS\\IAS\\IntelAudioService.exe [532024 ] (Intel Corporation -> Intel)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-01-31] (Dell Inc -> Dell Inc.)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2022-11-10] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [19456 2022-11-10] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmegpu.inf_amd64_50940ba92eaca245\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdmegpu.inf_amd64_50940ba92eaca245\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_3f818c4efacb8c98\amdacpafd.sys [412624 2022-08-15] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [35360 2022-06-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 amdpmf; C:\WINDOWS\System32\drivers\amdpmf.sys [105416 2021-12-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV19; C:\Program Files\Alienware\AMDRyzenMasterDriver\bin\AMDRyzenMasterDriver.sys [43336 2022-12-14] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0383439.inf_amd64_373282d24608ea94\B383240\amdkmdag.sys [94462328 2022-09-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 amdwirelessbutton; C:\WINDOWS\System32\drivers\amdwirelessbutton.sys [41712 2021-12-22] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AWCCDriver; C:\WINDOWS\System32\drivers\AWCCDriver.sys [42448 2023-01-19] (IndiLogic LLC -> Dell Inc.)
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2023-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [47472 2022-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [42456 2021-09-29] (Dell Inc -> OSR Open Systems Resources, Inc.)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys [46712 2023-03-20] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [56552 2023-03-20] (Express VPN International Ltd. -> ExpressVPN)
S3 IntcSdwBus; C:\WINDOWS\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_4f92127e9a9f0760\IntcSdwBus.sys [509992 2022-06-02] (Intel Corporation -> Intel(R) Corporation)
S3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87208 2021-09-17] (Intel Corporation -> Intel Corporation)
R3 MTKBTFilterX64; C:\WINDOWS\System32\drivers\mtkbtfilterx.sys [381360 2023-02-05] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1656696 2023-02-05] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [231496 2022-05-30] (Nvidia Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 rt25cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt25cx21x64.inf_amd64_89da3c8218c64ec3\rt25cx21x64.sys [652264 2022-05-20] (Realtek Semiconductor Corp. -> Realtek)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [61496 2023-03-20] (ExprsVPN LLC -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49608 2023-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [495896 2023-03-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-30] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-06 18:42 - 2023-04-06 18:42 - 004245976 _ (Irfan Skiljan) C:\Users\fredp\Downloads\iview462_x64_setup.exe
2023-04-06 18:42 - 2023-04-06 18:42 - 000000000 ____D C:\Users\fredp\AppData\Roaming\IrfanView
2023-04-06 18:42 - 2023-04-06 18:42 - 000000000 ____D C:\Program Files\IrfanView
2023-04-06 18:40 - 2023-04-06 18:40 - 000000000 ____D C:\Users\fredp\AppData\Local\ElevatedDiagnostics
2023-04-06 10:01 - 2023-04-06 10:01 - 000001063 _ C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2023-04-06 09:59 - 2023-04-06 09:59 - 095927184 _ C:\Users\fredp\Downloads\torbrowser-install-win64-12.0.4_ALL.exe
2023-04-06 05:19 - 2023-04-06 18:59 - 000000000 ____D C:\Users\fredp\AppData\Local\CrashDumps
2023-04-05 23:48 - 2023-04-05 23:53 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2023-04-05 23:48 - 2023-04-05 23:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\HardDiskSentinel
2023-04-05 23:48 - 2023-04-05 23:48 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Hard Disk Sentinel
2023-04-05 23:48 - 2023-04-05 23:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2023-04-05 22:51 - 2023-04-05 22:51 - 000000000 ____D C:\Users\Default\AppData\Local\Dell
2023-04-05 22:51 - 2023-04-05 22:51 - 000000000 ____D C:\ProgramData\Alienware Command Center
2023-04-05 22:32 - 2023-04-05 22:32 - 000000000 ____D C:\WINDOWS\Minidump
2023-04-05 22:30 - 2023-04-05 22:31 - 000000000 ____D C:\AdwCleaner
2023-04-05 22:03 - 2023-04-06 19:26 - 000000000 ____D C:\FRST
2023-04-03 23:24 - 2023-04-03 23:24 - 000000000 _ C:\WINDOWS\invcol.tmp
2023-04-01 23:46 - 2023-04-01 23:56 - 000003280 _ C:\WINDOWS\system32\Tasks\Optimize Push Notification Data File-S-1-5-21-3247745194-3029165324-3130719624-1001
2023-03-31 10:55 - 2023-04-06 18:36 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2023-03-31 10:55 - 2023-03-31 10:55 - 000003642 _ C:\WINDOWS\system32\Tasks\PowerENGAGE
2023-03-31 10:55 - 2023-03-31 10:55 - 000000000 ____D C:\Users\fredp\AppData\Roaming\PowerENGAGE
2023-03-31 10:55 - 2023-03-31 10:55 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Brother
2023-03-31 10:55 - 2023-03-31 10:55 - 000000000 ____D C:\Users\fredp\AppData\Local\Brother
2023-03-31 10:53 - 2023-03-31 10:56 - 000000000 ____D C:\Program Files (x86)\Browny02
2023-03-31 10:53 - 2023-03-31 10:53 - 000002127 _ C:\Users\Public\Desktop\Brother Creative Center.lnk
2023-03-31 10:53 - 2023-03-31 10:53 - 000001692 _ C:\Users\Public\Desktop\Brother Utilities.lnk
2023-03-31 10:53 - 2023-03-31 10:53 - 000000964 _ C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2023-03-31 10:53 - 2023-03-31 10:53 - 000000000 ____D C:\ProgramData\PCFaxTx
2023-03-31 10:53 - 2023-03-31 10:53 - 000000000 ____D C:\ProgramData\PCFaxRx
2023-03-31 10:53 - 2023-03-31 10:53 - 000000000 ____D C:\Program Files (x86)\PC-FAXReceive
2023-03-31 10:53 - 2019-10-29 12:52 - 000318464 _ ( ) C:\WINDOWS\system32\BrFaxTxAppRunA64.dll
2023-03-31 10:53 - 2019-10-29 12:52 - 000000000 _ C:\WINDOWS\Brpfx04a.ini
2023-03-31 10:52 - 2019-09-26 16:19 - 000121344 _ () C:\WINDOWS\system32\BrNetSti.dll
2023-03-31 10:52 - 2019-07-12 15:45 - 000670208 _ C:\WINDOWS\system32\NSSRH64.dll
2023-03-31 10:52 - 2019-07-12 15:45 - 000072192 _ () C:\WINDOWS\system32\BrWiaNCp.dll
2023-03-31 10:52 - 2019-07-12 15:45 - 000065024 _ () C:\WINDOWS\system32\Brnsplg.dll
2023-03-31 10:43 - 2023-03-31 10:53 - 000000000 ____D C:\Program Files (x86)\Brother
2023-03-31 10:38 - 2023-03-31 10:42 - 277743840 _ (SOURCENEXT CORPORATION) C:\Users\fredp\Downloads\Y20C_C2_UWC_PP-usa-inst-B2.EXE
2023-03-31 10:36 - 2023-03-31 10:47 - 000000000 ____D C:\ProgramData\Brother
2023-03-31 10:34 - 2023-03-31 10:35 - 000000000 ____D C:\Users\fredp\Downloads\EasySetup_2_0_16_1
2023-03-31 10:18 - 2023-03-31 10:19 - 073119328 _ (SOURCENEXT CORPORATION) C:\Users\fredp\Downloads\EasySetup_2_0_16_1.EXE
2023-03-31 01:28 - 2023-03-31 01:28 - 000000000 ___HD C:\$WinREAgent
2023-03-31 00:55 - 2023-04-06 18:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2023-03-31 00:55 - 2023-03-31 00:55 - 000000000 ____D C:\Program Files\PowerToys
2023-03-31 00:50 - 2023-03-31 00:50 - 000000000 ____D C:\Users\fredp\AppData\Local\OneDrive
2023-03-31 00:45 - 2023-03-31 00:50 - 000000000 ____D C:\Users\fredp\AppData\Local\ExpressVPN
2023-03-31 00:45 - 2023-03-31 00:45 - 000002174 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2023-03-31 00:45 - 2023-03-31 00:45 - 000002162 _ C:\Users\Public\Desktop\ExpressVPN.lnk
2023-03-31 00:45 - 2023-03-31 00:45 - 000000000 ____D C:\Users\fredp\OneDrive\Documents\OneNote Notebooks
2023-03-31 00:45 - 2023-03-31 00:45 - 000000000 ____D C:\Users\fredp\AppData\Local\ToastNotificationManagerCompat
2023-03-31 00:45 - 2023-03-31 00:45 - 000000000 ____D C:\ProgramData\ExpressVPN
2023-03-31 00:45 - 2023-03-31 00:45 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2023-03-31 00:45 - 2023-01-26 16:31 - 000000173 ____R C:\Users\fredp\OneDrive\Documents\Fred's Notebook.url
2023-03-31 00:34 - 2023-03-31 00:34 - 000000000 ____D C:\Program Files (x86)\DummyDir
2023-03-31 00:28 - 2023-04-01 23:46 - 000001623 _ C:\WINDOWS\system32\config\VSMIDK
2023-03-31 00:26 - 2023-04-06 02:15 - 000000000 ____D C:\ProgramData\LogMeIn
2023-03-31 00:26 - 2023-03-31 00:26 - 000000000 ____D C:\Users\fredp\AppData\Local\LogMeIn
2023-03-31 00:23 - 2023-04-06 07:34 - 000000000 ____D C:\Program Files (x86)\LogMeIn Ignition
2023-03-31 00:23 - 2023-04-06 02:15 - 000000000 ____D C:\Users\fredp\AppData\Local\LogMeInIgnition
2023-03-31 00:23 - 2023-03-31 00:23 - 000002023 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2023-03-31 00:23 - 2023-03-31 00:23 - 000000000 ____D C:\Users\fredp\AppData\Roaming\LogMeInIgnition
2023-03-31 00:22 - 2023-03-31 00:22 - 010297344 _ C:\Users\fredp\Downloads\LogMeInIgnition.msi
2023-03-31 00:16 - 2023-03-31 00:16 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-03-31 00:16 - 2023-03-30 23:24 - 000002440 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-31 00:16 - 2023-03-30 23:24 - 000000000 ____D C:\WINDOWS\Panther
2023-03-31 00:16 - 2023-03-30 23:24 - 000000000 ____D C:\Windows.old
2023-03-31 00:12 - 2023-03-31 00:12 - 000000000 ____D C:\WINDOWS\Firmware
2023-03-31 00:11 - 2023-03-31 00:11 - 000008192 _ C:\WINDOWS\system32\config\userdiff
2023-03-31 00:06 - 2023-04-05 03:11 - 000002504 _ C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-03-31 00:06 - 2023-03-31 00:06 - 000003760 _ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3247745194-3029165324-3130719624-1001UA{5C13E383-669F-4A21-882B-FCE035D77A95}
2023-03-31 00:06 - 2023-03-31 00:06 - 000003492 _ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3247745194-3029165324-3130719624-1001Core{87E8B378-C78F-418C-B98F-6454B91A9922}
2023-03-31 00:03 - 2023-03-30 23:22 - 000000000 ___HD C:\$SysReset
2023-03-30 23:56 - 2023-03-30 23:56 - 000000000 ____D C:\Users\fredp\AppData\Local\Comms
2023-03-30 23:52 - 2023-03-31 00:07 - 000000000 ____D C:\Users\fredp\AppData\Local\Google
2023-03-30 23:52 - 2023-03-30 23:52 - 001427176 _ (Google LLC) C:\Users\fredp\Downloads\ChromeSetup.exe
2023-03-30 23:45 - 2023-04-06 10:45 - 000000000 ____D C:\Users\fredp\AppData\LocalLow\Mozilla
2023-03-30 23:45 - 2023-04-06 10:01 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-03-30 23:41 - 2023-03-30 23:41 - 000000000 ____D C:\Users\fredp\AppData\Local\Publishers
2023-03-30 23:33 - 2023-03-30 23:33 - 000000000 ____D C:\Users\fredp\AppData\Local\Dell
2023-03-30 23:30 - 2023-04-05 23:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-03-30 23:27 - 2023-03-30 23:27 - 000000000 ____D C:\Users\fredp\AppData\Local\CEF
2023-03-30 23:26 - 2023-04-06 18:36 - 000000000 ____D C:\Users\fredp\AppData\Local\PlaceholderTileLogoFolder
2023-03-30 23:26 - 2023-04-05 21:22 - 000003592 _ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3247745194-3029165324-3130719624-1001
2023-03-30 23:26 - 2023-04-05 21:22 - 000003380 _ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3247745194-3029165324-3130719624-1001
2023-03-30 23:26 - 2023-04-05 21:22 - 000002385 _ C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-30 23:26 - 2023-03-30 23:26 - 000000000 ____D C:\Users\fredp\AppData\Local\NVIDIA
2023-03-30 23:26 - 2023-03-30 23:26 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-03-30 23:25 - 2023-04-06 01:05 - 000804932 _ C:\WINDOWS\system32\PerfStringBackup.INI
2023-03-30 23:25 - 2023-03-30 23:25 - 000000000 ____D C:\Users\fredp\AppData\Local\Downloaded Installations
2023-03-30 23:24 - 2023-04-06 18:38 - 000000000 ____D C:\Users\fredp\AppData\Local\D3DSCache
2023-03-30 23:24 - 2023-04-06 18:36 - 000000000 ____D C:\Users\fredp\AppData\Local\Packages
2023-03-30 23:24 - 2023-03-31 00:45 - 000000000 ____D C:\Users\fredp\AppData\Local\ConnectedDevicesPlatform
2023-03-30 23:24 - 2023-03-31 00:26 - 000000000 ____D C:\Users\fredp\AppData\Local\AMD
2023-03-30 23:24 - 2023-03-30 23:27 - 000000000 ____D C:\Users\fredp\AppData\Local\NVIDIA Corporation
2023-03-30 23:24 - 2023-03-30 23:24 - 000000020 ___SH C:\Users\fredp\ntuser.ini
2023-03-30 23:24 - 2023-03-30 23:24 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Adobe
2023-03-30 23:24 - 2023-03-30 23:24 - 000000000 ____D C:\Users\fredp\AppData\Local\VirtualStore
2023-03-30 23:22 - 2023-04-06 01:01 - 000003310 _ C:\WINDOWS\system32\Tasks\iGoAudioTask
2023-03-30 23:22 - 2023-04-06 01:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-03-30 23:22 - 2023-04-05 22:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\AWCC
2023-03-30 23:22 - 2023-04-04 21:27 - 000003536 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-30 23:22 - 2023-04-04 21:27 - 000003412 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-30 23:22 - 2023-03-31 00:28 - 000003368 _ C:\WINDOWS\system32\Tasks\iGoAudioTaskSession
2023-03-30 23:22 - 2023-03-30 23:31 - 000003952 _ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2023-03-30 23:22 - 2023-03-30 23:22 - 000003398 _ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000003152 _ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002948 _ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002948 _ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002948 _ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002948 _ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002914 _ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:21 - 2023-04-05 22:40 - 000000000 ____D C:\Users\fredp
2023-03-30 23:18 - 2023-04-06 18:36 - 000000000 ____D C:\ProgramData\NVIDIA
2023-03-30 23:18 - 2023-04-01 20:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-03-30 23:18 - 2023-03-30 23:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2023-03-30 23:18 - 2023-03-30 23:18 - 000000000 ____D C:\ProgramData\Dolby
2023-03-30 23:17 - 2023-04-06 00:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-03-30 23:17 - 2023-03-31 01:34 - 000471320 _ C:\WINDOWS\system32\FNTCACHE.DAT
2023-03-30 23:17 - 2023-03-30 23:20 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-03-30 23:17 - 2023-03-30 23:17 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-03-30 23:17 - 2023-03-30 23:17 - 000000000 ____D C:\Program Files\AMD
2023-03-30 21:59 - 2023-03-30 21:59 - 039691408 _ (Dell Inc.) C:\Users\fredp\Downloads\MediaTek-MT7921-MT7922-Wi-Fi-UWD-Driver_89KDF_WIN_3.3.3.760_A11_01.EXE
2023-03-30 21:59 - 2023-03-30 21:59 - 039691408 _ (Dell Inc.) C:\Users\fredp\Downloads\MediaTek-MT7921-MT7922-Wi-Fi-UWD-Driver_89KDF_WIN_3.3.3.760_A11_01 (1).EXE
2023-03-30 21:56 - 2023-03-30 21:56 - 000702816 _ (Dell Inc.) C:\Users\fredp\Downloads\SupportAssistLauncher.exe
2023-03-28 22:16 - 2023-03-28 22:16 - 048184842 _ (SomePythonThings ) C:\Users\fredp\Downloads\ElevenClock.Installer.exe
2023-03-28 21:25 - 2023-03-28 21:25 - 000000000 ____D C:\Users\fredp\OneDrive\Documents\PowerToys
2023-03-28 21:24 - 2023-03-31 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2023-03-28 18:44 - 2023-03-28 18:44 - 000001038 _ C:\Users\fredp\Downloads\Export-23032901423089219967a149bfe3.zip
2023-03-27 03:38 - 2023-03-27 03:39 - 000016658 _ C:\Users\fredp\OneDrive\Documents\cc_20230327_033852.reg
2023-03-27 02:25 - 2023-03-27 02:25 - 000000452 _ C:\Users\fredp\OneDrive\Documents\cc_20230327_022503.reg
2023-03-27 02:24 - 2023-03-27 02:24 - 000083484 _ C:\Users\fredp\OneDrive\Documents\cc_20230327_022420.reg
2023-03-27 02:24 - 2023-03-27 02:24 - 000006088 _ C:\Users\fredp\OneDrive\Documents\cc_20230327_022443.reg
2023-03-27 01:44 - 2023-03-31 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-03-27 01:44 - 2023-03-27 01:44 - 000000980 _ C:\Users\fredp\Downloads\Documents - Shortcut.lnk
2023-03-27 01:43 - 2023-03-27 01:43 - 054286968 _ (Piriform Software Ltd) C:\Users\fredp\Downloads\ccsetup610.exe
2023-03-27 00:29 - 2023-03-27 00:29 - 000000000 ___DL C:\E
2023-03-27 00:14 - 2023-03-27 00:14 - 000000000 ___RD C:\Users\fredp\OneDrive\Documents\DellInc.DellSupportAssistforPCs_htrsf667h5kn2!App
2023-03-24 15:14 - 2023-03-24 15:14 - 000000000 ___RD C:\Users\fredp\OneDrive\Documents\Microsoft.DiagnosticDataViewer_8wekyb3d8bbwe!App
2023-03-24 03:26 - 2023-03-24 03:26 - 000000000 ____D C:\Users\fredp\OneDrive\Documents\Custom Office Templates
2023-03-24 02:18 - 2023-03-24 02:18 - 000000000 ____H C:\Users\fredp\OneDrive\Documents\Default.rdp
2023-03-22 03:19 - 2023-03-22 03:19 - 062664616 _ (ExpressVPN) C:\Users\fredp\Downloads\expressvpn_windows_12.46.0.42_release.exe
2023-03-20 23:17 - 2023-03-31 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2023-03-20 16:45 - 2023-03-20 16:45 - 000061496 _ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
2023-03-20 16:45 - 2023-03-20 16:45 - 000056552 _ (ExpressVPN) C:\WINDOWS\system32\Drivers\expressvpn-tun.sys
2023-03-20 07:16 - 2023-03-20 07:16 - 000391315 _ C:\Users\fredp\Downloads\3509-230318-Opp Ex Parte Final.pdf
2023-03-20 06:11 - 2023-03-20 06:11 - 000347441 _ C:\Users\fredp\Downloads\LTR ISR 4533-7120 draft (Natha)(18414727.1).pdf
2023-03-19 23:42 - 2023-03-19 23:42 - 000174843 _ C:\Users\fredp\Downloads\3509-230317-Ex Parte App to Cont Trial and Prop Ord-Amirtalesh.pdf
2023-03-12 19:36 - 2023-03-12 19:36 - 002580896 _ (Malwarebytes) C:\Users\fredp\Downloads\MBSetup.exe
2023-03-09 02:15 - 2023-03-09 02:15 - 000000000 __SHD C:\Do_Not_Delete

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-06 19:21 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-06 19:11 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-06 18:52 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-04-06 18:42 - 2023-02-13 00:23 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2023-04-06 18:36 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-06 01:18 - 2023-01-19 10:26 - 000000000 ____D C:\Program Files (x86)\Alienware Digital Delivery Services
2023-04-06 01:05 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF
2023-04-06 01:01 - 2023-01-26 16:29 - 000000000 __RHD C:\Users\fredp\OneDrive
2023-04-06 01:01 - 2023-01-19 10:15 - 000012288 ___SH C:\DumpStack.log.tmp
2023-04-06 01:00 - 2022-05-06 22:17 - 000524288 _ C:\WINDOWS\system32\config\BBI
2023-04-05 23:24 - 2023-01-19 10:26 - 000000000 ____D C:\ProgramData\Packages
2023-04-05 22:52 - 2023-01-19 10:23 - 000000000 ____D C:\Program Files\Alienware
2023-04-05 22:52 - 2023-01-19 10:18 - 000000000 ____D C:\ProgramData\Package Cache
2023-04-05 22:51 - 2023-01-19 10:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-04-05 22:51 - 2023-01-19 10:18 - 000000000 ____D C:\Program Files (x86)\Dell
2023-04-05 22:39 - 2023-01-19 10:26 - 000000000 ____D C:\Program Files\Microsoft Office
2023-04-05 22:32 - 2023-01-19 09:59 - 002552063 ____N C:\WINDOWS\Minidump\040523-16296-01.dmp
2023-04-05 02:43 - 2022-05-24 21:28 - 000000000 ____D C:\dell
2023-04-03 23:24 - 2023-01-19 10:18 - 000000000 ____D C:\ProgramData\Dell
2023-04-03 01:22 - 2023-01-19 10:18 - 000000000 ____D C:\Program Files\Dell
2023-04-01 18:35 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-03-31 10:27 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\UUS
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-03-31 00:16 - 2023-01-26 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-03-31 00:16 - 2022-05-06 22:28 - 000000000 ____D C:\WINDOWS\Setup
2023-03-31 00:16 - 2022-05-06 22:24 - 000028672 _ C:\WINDOWS\system32\config\BCD-Template
2023-03-31 00:16 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-03-31 00:15 - 2022-05-06 22:25 - 000209920 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-03-31 00:15 - 2022-05-06 22:24 - 000249856 _ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\Globalization
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-03-30 23:40 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-03-30 23:40 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\servicing
2023-03-30 23:32 - 2023-01-19 10:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-03-30 23:32 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-03-30 23:32 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-03-30 23:30 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-03-30 23:24 - 2023-01-19 10:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-03-30 23:24 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2023-03-30 23:24 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-03-30 23:22 - 2023-02-23 14:12 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-03-30 23:22 - 2023-01-26 22:11 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-03-30 23:22 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-03-30 23:22 - 2022-05-06 22:17 - 000032768 _ C:\WINDOWS\system32\config\ELAM
2023-03-30 23:20 - 2023-01-19 10:28 - 000000000 ____D C:\WINDOWS\{427AB09C-B3AD-4EB7-9D73-6D584684FE91}
2023-03-30 23:20 - 2023-01-19 10:28 - 000000000 ____D C:\Program Files (x86)\Alienware Update
2023-03-30 23:20 - 2023-01-19 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-03-30 23:20 - 2023-01-19 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-03-30 23:20 - 2023-01-19 10:26 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-03-30 23:20 - 2023-01-19 10:25 - 000000000 ____D C:\WINDOWS\nvmup
2023-03-30 23:20 - 2023-01-19 10:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-03-30 23:20 - 2023-01-19 10:25 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-03-30 23:20 - 2023-01-19 10:24 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-03-30 23:20 - 2023-01-19 10:23 - 000000000 ____D C:\ProgramData\Alienware
2023-03-30 23:20 - 2023-01-19 10:10 - 000000000 ____D C:\WINDOWS\scratch
2023-03-30 23:20 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-03-30 23:19 - 2023-01-19 10:27 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-03-30 23:19 - 2023-01-19 10:18 - 000000000 ____D C:\Program Files\dotnet
2023-03-30 23:19 - 2023-01-19 10:14 - 000000000 ____D C:\backup
2023-03-30 23:19 - 2023-01-19 10:01 - 000000000 ____D C:\MFG
2023-03-30 23:19 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-03-30 23:19 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-03-30 23:17 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ServiceState

==================== Files in the root of some directories ========

2023-01-19 10:26 - 2021-05-14 04:42 - 000000235 _ () C:\ProgramData\LaunchOSDonce.vbs

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ===================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-04-2023
Ran by fredp (06-04-2023 19:27:00)
Running from C:\Users\fredp\OneDrive\Desktop
Microsoft Windows 11 Home Version 22H2 22621.1485 (X64) (2023-03-31 06:24:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3247745194-3029165324-3130719624-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3247745194-3029165324-3130719624-503 - Limited - Disabled)
fredp (S-1-5-21-3247745194-3029165324-3130719624-1001 - Administrator - Enabled) => C:\Users\fredp
Guest (S-1-5-21-3247745194-3029165324-3130719624-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3247745194-3029165324-3130719624-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alienware CC Components for AWCC (1.1.37.0) (HKLM\...\Alienware CC Components for AWCC) (Version: 1.1.37.0 - Dell Inc) Hidden
Alienware Command Center Package Manager (HKLM-x32\...\{D2DA930B-CB5D-4DD6-BF62-BE6C310A353D}) (Version: 5.5.43.0 - Dell Inc.)
Alienware Command Center Suite (HKLM\...\{68089185-71B6-4DB5-8BD9-0F21D19BD744}) (Version: 5.5.43.0 - Dell Inc.) Hidden
Alienware Command Center Suite (HKLM-x32\...\InstallShield_{68089185-71B6-4DB5-8BD9-0F21D19BD744}) (Version: 5.5.43.0 - Dell Inc.) Hidden
Alienware Digital Delivery Services (HKLM-x32\...\{CF95CED4-3A1E-4486-B7FA-428C25D617ED}) (Version: 5.0.64.0 - Dell Inc.)
Alienware FX Display Smart Installer (2.2.11.0) (HKLM\...\AWFXDisp_SmartInstaller) (Version: 2.2.11.0 - Dell Inc) Hidden
Alienware FX Display001 Smart Installer (2.4.1.205) (HKLM\...\{ACFDF14D-FCE6-4D6E-AD2B-BEFAF66FDAF4}_is1) (Version: 2.4.1.205 - Dell Inc.) Hidden
Alienware OC Controls (HKLM-x32\...\{24b87c1a-6ce2-4d88-ba35-c17b38acba62}) (Version: 1.4.26.1430 - Dell Inc) Hidden
Alienware OCControls Service Installer (HKLM\...\{0E2007DF-D030-449E-892F-E09FF4F8ECAE}) (Version: 1.4.26.1430 - DELL Inc) Hidden
Alienware SupportAssist OS Recovery Plugin for Alienware Update (HKLM\...\{7DFEC04C-4CBC-4013-AAA2-A1E7B1CD135B}) (Version: 5.5.5.16208 - Dell Inc.) Hidden
Alienware SupportAssist OS Recovery Plugin for Alienware Update (HKLM-x32\...\{ab3f7261-beee-49b8-b31a-27dd1dfd122d}) (Version: 5.5.5.16208 - Dell Inc.)
Alienware SupportAssist Remediation (HKLM\...\{DEF2160E-12B6-477C-9D55-DF4B100E3E2B}) (Version: 5.5.5.16208 - Dell Inc.) Hidden
Alienware SupportAssist Remediation (HKLM-x32\...\{9dd30d6d-7999-4e32-9295-a2d7ece703ba}) (Version: 5.5.5.16208 - Dell Inc.)
Alienware Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.3.0 - Dell Inc.)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
BrLauncher (HKLM-x32\...\{9D02508E-D7FF-4DC4-B423-B4C2AD42FAC5}) (Version: 2.0.27.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{3DEA56AB-0899-41DF-8C4F-0A608FD36904}) (Version: 10.5.0.74 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{d0c84829-3b3f-46d1-b292-e3fb77d972c2}) (Version: 10.5.0.74 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{79262B43-9E15-4732-A034-BFD29D9BD077}) (Version: 1.4.1.0 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{F9496A68-777D-4B9F-A72B-34FCA4AB6D55}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{DC05CAEF-CDB0-4DAA-A8A1-5B72B4714FD3}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{2326DFD5-AF8C-46B0-B2BA-943999A62FB9}) (Version: 1.0.12.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{8B58D1A2-DFAD-4069-A0C0-7FD272B68BB3}) (Version: 1.0.30.0 - Brother Industries Ltd.) Hidden
Dell SupportAssist (HKLM\...\{82B84211-71FD-4AB7-87D1-68568646860F}) (Version: 3.13.2.14 - Dell Inc.)
ExpressVPN (HKLM-x32\...\{bbf35f5e-ff68-491e-be69-1772c80b4a8f}) (Version: 12.46.0.42 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B898AD785B}) (Version: 12.46.0.42 - ExpressVPN) Hidden
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.2.14.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{6e578348-d226-4341-a69f-26274feac293}) (Version: 2.2.14.0 - Dell.Inc)
Google Chrome (HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\Google Chrome) (Version: 111.0.5563.148 - Google LLC)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 6.01 - Janos Mathe)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HttpToUsbBridge (HKLM-x32\...\{E2D35939-25BF-4EC8-BF6D-F9C0AF8ECC11}) (Version: 2.0.30.1 - Brother Industries Ltd.)
IrfanView 4.62 (64-bit) (HKLM\...\IrfanView64) (Version: 4.62 - Irfan Skiljan)
LogMeIn Client (HKLM-x32\...\{71B8933C-E625-4B0D-9A9D-343ED72F3BC2}) (Version: 1.3.5398 - LogMeIn, Inc.)
Microsoft .NET Host - 6.0.9 (x64) (HKLM\...\{C30ABA3F-32C0-43D1-B3B8-9AEFD58A15D9}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.9 (x64) (HKLM\...\{FD10B803-97FD-4867-9753-8784BC35D2F8}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.9 (x64) (HKLM\...\{0B4F742D-2D47-4E95-B756-402822D31C48}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16227.20258 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 111.0.1661.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\OneDriveSetup.exe) (Version: 23.061.0319.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16227.20258 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29914 (HKLM-x32\...\{BD8C6100-7C7D-48DD-93BA-69F6828213FE}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29914 (HKLM-x32\...\{42365A3A-622A-4EED-A727-FE192A794AFD}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.9 (x64) (HKLM\...\{C1CD2FC1-92E6-4DE2-89D8-6D309881856F}) (Version: 48.39.47171 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.9 (x64) (HKLM-x32\...\{569b351b-451b-48db-a2c7-7beb63411666}) (Version: 6.0.9.31620 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{A195CE5F-17C2-4BC1-AFE1-665695F8FF2E}) (Version: 1.2.23.0 - Brother Industries, Ltd.) Hidden
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.80 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20332 - Microsoft Corporation) Hidden
PC-FAXReceive (HKLM-x32\...\{56D227E7-9A8E-4EFC-8401-1FFFF7DBA13B}) (Version: 1.8.421.0 - Brother Industries, Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{4A924D32-17F1-4EFC-B2D8-BBCF1BC6E26C}) (Version: 3.7.15.1 - Brother Industries Ltd.) Hidden
PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden
PowerToys (Preview) (HKLM\...\{7F0C3584-ED21-4282-9931-50D173C2CCE5}) (Version: 0.68.1 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{51efee50-0959-4cb6-8958-e1c1ba33fbdf}) (Version: 0.68.1 - Microsoft Corporation)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9369.1 - Realtek Semiconductor Corp.)
ScannerUtilityInstaller (HKLM-x32\...\{D94DD953-F38C-4220-A17C-9217106510A6}) (Version: 1.20.0.1 - Brother) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{3D1AD910-B82B-4635-B1C3-0CEF9F6F3D34}) (Version: 1.0.21.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{2CA4537C-19BA-47F5-88A6-7C9DB6BD37B4}) (Version: 1.35.1.0 - Brother Industries, Ltd.) Hidden
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden

Packages:
=========
Alienware Customer Connect -> C:\Program Files\WindowsApps\DellInc.AlienwareCustomerConnect_5.4.1.0_x64__htrsf667h5kn2 [2023-03-30] (Dell Inc)
Alienware Digital Delivery -> C:\Program Files\WindowsApps\DellInc.AlienwareDigitalDelivery_5.0.64.0_x64__htrsf667h5kn2 [2023-04-01] (Dell Inc)
Alienware OnScreen Display -> C:\Program Files\WindowsApps\dellinc.alienwareonscreendisplay_1.10.2.0_x86__htrsf667h5kn2 [2023-03-30] (Dell Inc)
Alienware Update -> C:\Program Files\WindowsApps\DellInc.AlienwareUpdate_4.8.20.0_x86__htrsf667h5kn2 [2023-03-30] (Dell Inc)
All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2023-04-05] (Thoroughsoft)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\dellinc.dellsupportassistforpcs_3.13.7.0_x64__htrsf667h5kn2 [2023-03-31] (Dell Inc)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_4.2209.22941.0_x64__8wekyb3d8bbwe [2023-04-05] (Microsoft Corporation)
Direct Whois -> C:\Program Files\WindowsApps\KomodexSystems.DirectWhois_1.0.0.0_neutral__2164brwjfsjmg [2023-04-05] (Komodex Systems)
Dolby Access -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaccess_3.16.352.0_x64__rz1tebttyb220 [2023-03-30] (Dolby Laboratories)
Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.2.244.0_x64__rz1tebttyb220 [2023-03-30] (Dolby Laboratories)
intelliGo Neptune -> C:\Program Files\WindowsApps\IntelligoTechnologyInc.intelliGoNeptune_1.0.112.0_x64__zzw691tb7va64 [2023-03-30] (Intelligo Technology Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-04-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-04-05] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-03-30] (Microsoft Corp.)
Mozilla Firefox -> C:\Program Files\WindowsApps\Mozilla.Firefox_111.0.1.0_x64__n80bbvh6b1yt2 [2023-03-30] (Mozilla)
ms-resource:app_name_ms_todo -> C:\Program Files\WindowsApps\Microsoft.Todos_2.93.6831.0_x64__8wekyb3d8bbwe [2023-04-05] (Microsoft Corporation) [Startup Task]
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.50901.0_x64__8wekyb3d8bbwe [2023-03-30] (Microsoft Corporation)
My Alienware -> C:\Program Files\WindowsApps\DellInc.MyAlienware_2.2.4.0_x64__htrsf667h5kn2 [2023-03-30] (Dell Inc)
Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2023-04-05] (Shipwreck Software) [MS Ad]
Network Usage -> C:\Program Files\WindowsApps\7340RobertDurfee.NetworkUsage_3.1.8.0_x64__ygerwv1yqg9j8 [2023-04-05] (Robert Durfee)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\nvidiacorp.nvidiacontrolpanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-30] (NVIDIA Corp.)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.6154.0_x64__8wekyb3d8bbwe [2023-03-30] (Microsoft Corporation) [Startup Task]
PowerToys ImageResizer Context Menu -> C:\Program Files\PowerToys\modules\ImageResizer [2023-03-31] (0)
PowerToys PowerRename Context Menu -> C:\Program Files\PowerToys\modules\PowerRename [2023-03-31] (0)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.39.279.0_x64__dt26b99r8h8gj [2023-03-30] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-30] (Microsoft Studios) [MS Ad]
Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.8.0_x64__cw5n1h2txyewy [2023-04-06] (Microsoft Windows)
System Internals -> C:\Program Files\WindowsApps\58380Millionerd.55815960D4FD3_2.3.54.0_neutral__gvk782kz518e0 [2023-04-05] (Million)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2023-03-31] (Matt Hafner)
WiFi Manager -> C:\Program Files\WindowsApps\62283sudanec.WiFiManager_2.0.1.0_x64__jtya06md77q40 [2023-04-05] (sudanec)
WLAN-Monitor -> C:\Program Files\WindowsApps\42667Pinqinselektrostube.32892633D96D_1.1.0.0_x64__5d58qq83w4ter [2023-04-05] (Pinqinselektrostube)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{1F9E0710-2073-435F-9C1B-F29946205947}\InprocServer32 -> C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{3f5d0051-61b8-0f45-6166-996cfb4f914f}\localserver32 -> C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{745fba2b-78ca-4eaf-6688-ba4f69a60391}\localserver32 -> C:\Program Files\Alienware\Alienware Command Center\AWCC.Background.Server.exe (Dell Inc -> Dell Technologies)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\fredp\AppData\Local\Google\Chrome\Application\111.0.5563.148\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdmegpu.inf_amd64_50940ba92eaca245\nvshext.dll [2022-06-14] (Nvidia Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 _ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2022-11-10 18:46 - 2022-11-10 18:46 - 000543744 _ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2022-12-01 00:53 - 2022-12-01 00:53 - 001874432 _ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2022-12-01 00:53 - 2022-12-01 00:53 - 000020480 _ () [File not signed] C:\Program Files (x86)\Browny02\OfferingService.dll
2023-03-31 10:52 - 2019-09-26 16:19 - 000121344 _ () [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 ____N (easyhook.codeplex.com) [File not signed] C:\ProgramData\Dolby\DAX3\RADARHOST\EasyHook64.dll
2022-11-07 12:53 - 2022-11-07 12:53 - 001548800 _ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Alienware Digital Delivery Services\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.cmd: => <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-06 22:24 - 2022-05-06 22:22 - 000000824 _ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\themea\img20.jpg
DNS Servers: 10.131.0.1 - 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_84F953FEB4B40174043D59B459EAF93F"
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{63D4E386-34DB-4A3E-9DF0-03A5EE4CBAD0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13E84BE4-9861-4460-9EC5-67E6113D149A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9709BA26-B5C2-4DE9-8DBC-6ED379A6FD23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{673870B4-62D9-463E-81A3-A5F8AA6F8B05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{A9D2C093-3C80-405D-9B38-8C1B151083AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{16C2FC97-5C84-42E1-B2EF-5DBAE74A3508}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D8D9112E-EFD0-4291-89D2-1A5AEB58509C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C14C20BD-149E-4BB6-82FC-30126C69E45D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0BAC1BED-23F5-4956-AF04-C75C0ED4E7BB}C:\users\fredp\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\fredp\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{91509B0A-65AE-4F1D-8FB6-3D3AD8459109}C:\users\fredp\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\fredp\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{03A9AC68-F811-4447-8FC9-ED6EF6DB54D6}] => (Allow) LPort=54925
FirewallRules: [{655A344F-7915-488F-9EB0-2B3BFF541E0B}] => (Allow) LPort=54950
FirewallRules: [{4FD38828-B9B7-4954-AE09-0B6500EEB2A6}] => (Allow) LPort=54955
FirewallRules: [{38D1B3CB-7B07-45BA-BED4-FB87A62F3912}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{4A944CEC-A899-40AA-82E6-C46A3ED032F5}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{9BAC68D4-F2ED-4548-9AAB-4F6643DEECF3}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrPrintFinishNotice\BrPrintFinishNotice.exe (Brother Industries, Ltd. -> )
FirewallRules: [{4E655236-DED2-4A04-9857-2291216C1F14}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrPrintFinishNotice\BrPrintFinishNotice.exe (Brother Industries, Ltd. -> )
FirewallRules: [TCP Query User{B0604404-BA95-4557-BB66-0612903F16A9}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{91C6244B-3DDF-406D-B428-DAE208A7D660}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{7CB63A66-C35F-4D5B-8147-65C9E09501D6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> )
FirewallRules: [{0BAF2920-A21F-4A30-8ED6-27233C91DCE1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> )

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:932.68 GB) (Free:610.12 GB) (65%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/06/2023 06:59:32 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HKKIPON)
Description: Faulting application name: taskmgr.exe, version: 10.0.22621.1344, time stamp: 0xa925d5bc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.22621.1485, time stamp: 0x821275c1
Exception code: 0xc000027b
Fault offset: 0x00000000005ad05b
Faulting process id: 0x0x4c88
Faulting application start time: 0x0x1d968f416723084
Faulting application path: C:\WINDOWS\system32\taskmgr.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: d6130cc0-c3ee-431b-9087-e9a12c5674a3
Faulting package full name:
Faulting package-relative application ID:

Error: (04/06/2023 06:58:54 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HKKIPON)
Description: Faulting application name: SearchHost.exe, version: 623.3900.50.0, time stamp: 0x64125ca9
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.22621.1485, time stamp: 0x821275c1
Exception code: 0xc0000409
Fault offset: 0x00000000001c6e45
Faulting process id: 0x0x3bb4
Faulting application start time: 0x0x1d968f481e53493
Faulting application path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 4a359e27-2162-492b-8fb8-05001bcf5ba1
Faulting package full name:
Faulting package-relative application ID:

Error: (04/06/2023 06:52:57 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program NetworkInspector.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Error: (04/06/2023 08:22:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2829e5bc-bb6b-40aa-96ef-8dd9f4c6339c}

Error: (04/06/2023 08:15:42 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2829e5bc-bb6b-40aa-96ef-8dd9f4c6339c}

Error: (04/06/2023 07:38:25 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HKKIPON)
Description: Faulting application name: Widgets.exe, version: 421.20070.1500.0, time stamp: 0x641e44e9
Faulting module name: Widgets.exe, version: 421.20070.1500.0, time stamp: 0x641e44e9
Exception code: 0xc0000409
Fault offset: 0x000000000014da07
Faulting process id: 0x0x2314
Faulting application start time: 0x0x1d9685e0074e035
Faulting application path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Faulting module path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Report Id: 19fe83d5-81fd-4721-b870-e353fec47011
Faulting package full name: MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: Widgets

Error: (04/06/2023 05:19:39 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HKKIPON)
Description: Faulting application name: LMIIgnition.exe, version: 1.3.0.5398, time stamp: 0x635964ad
Faulting module name: LMIIgnition.exe, version: 1.3.0.5398, time stamp: 0x635964ad
Exception code: 0xc0000409
Fault offset: 0x003f1b97
Faulting process id: 0x0x1f3c
Faulting application start time: 0x0x1d9688205e59972
Faulting application path: C:\Program Files (x86)\LogMeIn Ignition\LMIIgnition.exe
Faulting module path: C:\Program Files (x86)\LogMeIn Ignition\LMIIgnition.exe
Report Id: bcbcced9-9b6e-45f6-bc7b-bca90f8b59e1
Faulting package full name:
Faulting package-relative application ID:

Error: (04/06/2023 02:15:20 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2829e5bc-bb6b-40aa-96ef-8dd9f4c6339c}


System errors:
=============
Error: (04/06/2023 08:12:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HKKIPON)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (04/06/2023 01:01:36 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Intel(R) Audio Service service terminated with the following service-specific error:
The operation completed successfully.

Error: (04/06/2023 01:01:31 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (04/06/2023 12:07:46 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HKKIPON)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (04/06/2023 12:06:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Intel(R) Audio Service service terminated with the following service-specific error:
The operation completed successfully.

Error: (04/06/2023 12:06:07 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (04/05/2023 10:41:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Intel(R) Audio Service service terminated with the following service-specific error:
The operation completed successfully.

Error: (04/05/2023 10:41:15 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.


Windows Defender:
================
Date: 2023-04-04 23:46:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-04 00:18:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-01 23:44:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-04-01 23:48:41
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\win32u.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

BIOS: Alienware 1.7.0 02/09/2023
Motherboard: Alienware 0FDTJY
Processor: AMD Ryzen 9 6900HX with Radeon Graphics
Percentage of memory in use: 15%
Total physical RAM: 64755.52 MB
Available physical RAM: 54591.08 MB
Total Virtual: 73971.52 MB
Available Virtual: 61672.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:932.68 GB) (Free:610.12 GB) (Model: PC801 NVMe SK hynix 1TB) (Protected) NTFS

\\?\Volume{3e2c92b7-2a74-49c0-8cf9-46d1e985e9b6}\ (WINRETOOLS) (Fixed) (Total:1 GB) (Free:0.22 GB) NTFS
\\?\Volume{271e9d6e-def1-4889-bc12-8c71dbdfcf60}\ (Image) (Fixed) (Total:18.36 GB) (Free:0.1 GB) NTFS
\\?\Volume{8e1a14ad-82e4-4bb9-be60-998d2efd1910}\ (DELLSUPPORT) (Fixed) (Total:1.41 GB) (Free:0.47 GB) NTFS
\\?\Volume{be4a5e4d-dde6-4989-bbd5-0c4adf0542c1}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 26FFCC7B)

Partition: GPT.

==================== End of Addition.txt =======================
 
#3 ·
Hello, fredp333.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

======================

1. Screenshots

I don't see anything from what you mentioned in your initial post (Windows 10 signs, strange accounts etc.). Can you take screenshots of the strange things you see?


2. Settings in registry

Did you set these:

HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.cmd: => <==== ATTENTION


3. Online Scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

In your next reply please post:
  1. Screenshots about any strange thing you see
  2. A reply about the settings in registry
  3. The eset.txt
 
#4 ·
Good evening,

I will reply separately with screenshots of some strange things I can find tonight, or that I found previously and the eset log. I wanted to say THANK YOU so much for assisting me, and I will do my best to provide you with all information you request as you try to help me out. Thank you again.

As for those registry settings you identify, No, I did not set them or alter them.

Finally, I did want to indicate that, before I saw your reply from earlier this morning to my initial posts, I did install some new software onto my laptop. I hope it doesn't screw anything up in your process. Looking at my apps in settings, I know that I downloaded/installed Irfanview and the TOR browser (not an app officially, I know, but I did search for and download it). The Settings also list some other newly installed apps since 4/6 when I posted here. I will post a screenshot with my next reply (only new apps are MS Edge, Edge WebView, Speech Pack, and "System Intervals.")

Will get screenshots together and post ESET log shortly, thank you!

--Fred
 
#5 ·
Hello again, thanks for waiting for me, I had to get some stuff done outside the house and took me a while to get back to this. One error I discovered I made in my initial post: I thought the file size of new apps was mostly a flat 16 kb, but I found far more 8 kb in size.

Ok the following screenshots I attach show just a few weird things I could find quickly. This issue has been ongoing for a couple months and it's not one or two small things, it's that the laptop as a whole feels off, doesn't seem to shut down or sleep, doesn't seem to keep whatever settings changes I make, doesn't let me customize it, change tasks, or basically act like all other laptops I've owned previously. Here's the screenshot contents: 1) apps installed since my first post, only one of which I downloaded - I know MS Edge will reinstall, but I don't know about the other new apps; 2) some of the 8 kb size apps that seem to have replaced the originals; 3) some of the 16 kb size apps that did the same; 4) list of some of my task manager showing a lot of network processes running in my opinion, for someone not a local/home network; 5) a list of some of my drivers running; 6) 2nd half of the driver list.

I cannot remember where I encountered messages about Windows 10 - it may have been when I would try a particular troubleshooter to address a problem, I distinctly remember several times seeing that message, that my Windows 10 version was not compatible with what I was trying to run. As I tried to run the ESET scanner, however, I found an instance of this issue: I clicked to start the scan and got 6 identical "error" windows popping up, which referenced some driver that was not going to allow ESET. I clicked for "learn more" and got to a Microsoft website that explained this problem as one with Windows 10 security measures. These are in screenshots #7 and #8, attached. The Full Scan did take place and the results are posted below. Thank you!

-Fred

4/9/2023 0:21:29 AM
Files scanned: 301176
Detected files: 1
Cleaned files: 1
Total scan time 00:35:08
Scan status: Finished
C:\Users\fredp\Pictures\fRED nANCY wEDDING pICS\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting


 
#6 ·
Hello.

Those warnings are not something to worry about.

If you would like, you can open the Core isolation page by going to Settings > Privacy & Security > Windows Security > Device Security and then, under Core isolation, selecting Core isolation details and turning the Memory Integrity setting off.

Still, I don't understand the following:

"doesn't seem to keep whatever settings changes I make, doesn't let me customize it, change tasks,"

Can you please give me more details?

After that:

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Download the attached fixlist.txt and save it on the Desktop, where the FRST tool is located.
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

3. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. More details about the issues you are dealing with.
  2. The fixlog.txt
  3. The AdwCleaner[S0*].txt
  4. The Malwarebytes report
 

#7 ·
Good evening, and thank you so much for the help so far. I know the issues I am dealing with are a little vague. I will try to be more clear/specific, but I think that part of the issue is that I recently did a reset of windows and some things appear to have been resolved. For instance prior to resetting Windows I would get frequent errors and then crashes, when I would open something requiring the use of MMC.exe.



I would also try to view the security properties on a particular file or folder and be told that I had insufficient access/authority. Or I would try to disable a service, or end a mysterious process, but be told the operation was not completed, because "access is denied."



I took notes one time things seemed very strange, because there were just a seemingly impossible number of services and tasks running that had to do with a local network, when my laptop was brand new and I had no network of any kind set up (not even a wifi printer, a connected smart tv, etc.).



On that day I found the following tasks/task trees running that concerned me when taken together. If this is also legitimately nothing to worry about / typical for a non-network connected laptop less than a week old, I would love to understand why!



Service Host: DCOM Server Process Launcher (6)

Along with 'COM Surrogate'

Service Host: Remote Procedure Call (2)

Service Host: Local System (16 (!!!)) (When I expanded this, I saw tasks including Windows Update, Update Orchestrator Service, User Manager, Web Account Manager, System Event Notification Service, Task Scheduler, User Profile Service, Server, IP Helper, IKE and AuthIP IPsec Keying Modules, Background Intelligent Transfer Service, and others.)

Service Host: Local System (Network Restricted) (10)

Service Host: Local System (No Network) (2)

Service Host: Unistack Service Group (2) [no clue what this is]



This just seems...off to me, and my brand new Alienware laptop was running slow, crashing / getting the BSOD, reporting hardware problems when I would try something like SupportAssist, etc.



After the Windows reset, I'm still experiencing issues where I will change a setting but the change will revert back to the original setting.

1) For example Windows Recovery/Restore points cannot seem to be turned on. I've tried repeatedly, it keeps turning off.

2) In Windows Defender, SmartAppControl was on originally, then somehow got turned off (absolutely not by me) and now I need to reinstall Windows (again??) to turn it on.

3) Also in Defender, Secure Boot kept getting turned off, I would turn it on and restart, it would be off again...rinse, repeat.

4) I still would like to understand the replacement of my apps with 8kb or 16kb versions of them.

5) I get notifications that anti-virus scans will unexpectedly stop before completing.

6) I will turn my wifi off and disable my adapter because I am trying to remove any access that may have inadvertently occurred, but then one of these two things will happen: either a) the wifi/adapter will stay apparently off or disabled, but 5 green bars will appear on the graphic of the adapter in device manager, and I would swear on anything, the wifi is being used by someone/something. I can just, feel it, hear it, sense it. Maybe by one of the hidden network devices that I still fail to understand, or some other way. Or, b) the wifi and adapter are somehow re-enabled and turned back on.

Finally, just drives me a little bit crazy because I don't understand it:

7) I purchased Office Home/Student with this laptop and downloaded it during setup on day one. However it keeps telling me to re-download and install, sometimes making me download Office 365 (which I did not purchase). It keeps re-installing/re-downloading different versions. Sigh.



I know none of these are earth-shattering on their own but there is just something off / something wrong. Ok, onto your fixes:

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-04-2023
Ran by fredp (10-04-2023 01:05:26) Run:1
Running from C:\Users\fredp\OneDrive\Desktop
Loaded Profiles: fredp
Boot Mode: Normal
==============================================

fixlist content:
*
closeprocesses:
systemrestore: on
createrestorepoint:
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll -> No File
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.cmd: => <==== ATTENTION
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow












*

Processes closed successfully.
SystemRestore: on => completed
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Classes\.cmd => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.1485


The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= SFC /scannow =========


Beginning system scan. This process will take some time.

Beginning verification phase of system scan.


Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 01:07:32 ====


# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-10-2023
# Duration: 00:00:02
# OS: Windows 11 (Build 22621.1485)
# Scanned: 32095
# Detected: 13


* [ Services ] *

No malicious services found.

* [ Folders ] *

No malicious folders found.

* [ Files ] *

No malicious files found.

* [ DLL ] *

No malicious DLLs found.

* [ WMI ] *

No malicious WMI found.

* [ Shortcuts ] *

No malicious shortcuts found.

* [ Tasks ] *

No malicious tasks found.

* [ Registry ] *

No malicious registry entries found.

* [ Chromium (and derivatives) ] *

No malicious Chromium entries found.

* [ Chromium URLs ] *

No malicious Chromium URLs found.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries found.

* [ Firefox URLs ] *

No malicious Firefox URLs found.

* [ Hosts File Entries ] *

No malicious hosts file entries found.

* [ Preinstalled Software ] *

Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\Users\fredp\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DBCECCB-AFDE-4285-9340-BB6D6C0B68A8}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DBCECCB-AFDE-4285-9340-BB6D6C0B68A8}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\ALIENWARE UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


AdwCleaner[S00].txt - [2791 octets] - [05/04/2023 22:31:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########





Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/10/23
Scan Time: 1:24 AM
Log File: 1087cecc-d779-11ed-9f42-04bf1b3c0814.json

-Software Information-
Version: 4.5.26.259
Components Version: 1.0.1976
Update Package Version: 1.0.67815
License: Trial

-System Information-
OS: Windows 11 (Build 22621.1485)
CPU: x64
File System: NTFS
User: DESKTOP-HKKIPON\fredp

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 275386
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
#8 ·
Hello.

The only items detected by AdwCleaner are related to pre-installed software: programs which were installed when you bought the computer. You may need/use them, you may not. If you would like, you could remove them by running AdwCleaner once more and selecting to remove the pre-installed software. Let me know if you are going to do this.

Let's see fresh FRST logs now, please. I would like to review them, and then I'll try to reply to some of your questions above. Or ask you mine. :)
 
#9 ·
Understood on the pre-installed software, I will think about removing them. Fresh logs are below. On that subject of pre-installed apps: when I started up today, Support Assist was running and scanning my system - my past experience has indicated this was something I had to ask it to do, not something automatic. Just another oddity to add to my list of possible issues. Also, at the end of the "Addition" log I see that my defender scans seem to be stopping before completion, that will definitely be one of my questions - if there is a way to fix that, or if that's something potentially worrisome.

Thank you so much again; here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-04-2023
Ran by fredp (administrator) on DESKTOP-HKKIPON (Alienware Alienware m17 R5 AMD) (11-04-2023 16:48:40)
Running from C:\Users\fredp\OneDrive\Desktop
Loaded Profiles: fredp
Platform: Microsoft Windows 11 Home Version 22H2 22621.1485 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\lightway.exe
(C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe ->) (Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Background.Server.exe
(C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe ->) (Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\OCControlService\OCControl.Service.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserSessionAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\PowerOCR\PowerToys.PowerOCR.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ce09737aeee31fb0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> ) C:\ProgramData\Dolby\DAX3\RADARHOST\DSRHost.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ce09737aeee31fb0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\u0383439.inf_amd64_373282d24608ea94\B383240\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0383439.inf_amd64_373282d24608ea94\B383240\atieclxx.exe
(explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\fredp\AppData\Local\Google\Chrome\Application\chrome.exe <17>
(Google LLC -> Google LLC) C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0383439.inf_amd64_373282d24608ea94\B383240\atiesrxx.exe
(services.exe ->) (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.) C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\IgoAudioService_x64.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Alienware Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ce09737aeee31fb0\DAX3API.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdmegpu.inf_amd64_50940ba92eaca245\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe <3>
(sihost.exe ->) (F005DA31-7CE1-4D3E-ABEE-08A4AFF4F592 -> ) C:\Program Files\WindowsApps\dellinc.alienwareonscreendisplay_1.10.2.0_x86__htrsf667h5kn2\Win32\AlienwareOn-ScreenDisplay.exe
(svchost.exe ->) (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.) C:\Windows\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\iGoSwServer.exe <2>
(svchost.exe ->) (Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.yourphone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe [1596792 2022-09-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [381288 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
HKLM-x32\...\Run: [I19E] => C:\WINDOWS\twain_32\Brimi19e\Common\TwDsUiLaunch.exe [85944 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3591168 2022-10-09] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3671040 2023-01-09] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\Run: [MicrosoftEdgeAutoLaunch_84F953FEB4B40174043D59B459EAF93F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4140496 2023-04-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\Run: [Google Update] => C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\GoogleUpdateCore.exe [230360 2023-03-30] (Google LLC -> Google LLC)
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\Run: [ExpressVPN] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [854376 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\MountPoints2: {33ab8aaf-d451-11ed-b8d5-f0a654c10b19} - "E:\setup.EXE" /AUTORUN

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0868C196-60E4-4327-99B0-94F17E7E4059} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_fredp => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [6103432 2022-03-14] (Janos Mathe -> H.D.S. Hungary)
Task: {1FE90F10-4DC8-4225-A8F3-EB904D5A93FF} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn
Task: {1FE90F10-4DC8-4225-A8F3-EB904D5A93FF} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {2729F51C-003C-4E67-9BFF-9050524C73BC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {27919CDE-0CD8-4096-8383-5412D45AB6E4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {2D84916C-221D-4528-A62D-BAF8504B300D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144272 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {30ACDC9A-42AC-440C-90CA-FF2AAE8649CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {34E4A7E9-9A72-430B-9FBE-9B4DD1F125CB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\fredp\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-04-08] (ESET, spol. s r.o. -> ESET)
Task: {43DF4E4F-4607-40A2-8D6C-5D404EACEBFB} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3247745194-3029165324-3130719624-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
Task: {48752BE8-3146-4F12-9E3F-439D6B158167} - System32\Tasks\iGoAudioTask => C:\WINDOWS\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\iGoSwServer.exe [371296 2022-09-27] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
Task: {4B4D9B4C-F6C4-4AF0-8C54-50DB2961B2E5} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5CA579F3-8DD3-4AF3-8EF0-18D4AB068ED7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-02] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5DBCECCB-AFDE-4285-9340-BB6D6C0B68A8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [665952 2023-01-31] (Dell Inc -> Dell Inc.)
Task: {6476CF37-014F-4796-80A8-A6AF70344867} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3247745194-3029165324-3130719624-1001UA{5C13E383-669F-4A21-882B-FCE035D77A95} => C:\Users\fredp\AppData\Local\Google\Update\GoogleUpdate.exe [171480 2023-03-30] (Google LLC -> Google LLC)
Task: {65A25EC7-DFFC-4651-9FA0-24B3333F6276} - System32\Tasks\iGoAudioTaskSession => C:\WINDOWS\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\iGoSwServer.exe [371296 2022-09-27] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
Task: {67CD35A8-4AB2-47C3-ABEF-AB5D2AF089D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F787E5A-3796-4DDE-9030-1CADD6AC8832} - System32\Tasks\PowerToys\Autorun for fredp => C:\Program Files\PowerToys\PowerToys.exe [1103296 2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7115FB03-7F63-4D0C-B96E-24DAD160BB0B} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\fredp\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-04-08] (ESET, spol. s r.o. -> ESET)
Task: {79B73759-E18B-4E3C-BC46-5C0A6719778A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {800E6E64-B951-4AF2-981C-1E683ACFCB9E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {88F5E1F4-41DB-4701-A4B0-DFCA4EEB1F06} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90187184-4F9C-47F3-935D-6F120623EA30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3247745194-3029165324-3130719624-1001Core{87E8B378-C78F-418C-B98F-6454B91A9922} => C:\Users\fredp\AppData\Local\Google\Update\GoogleUpdate.exe [171480 2023-03-30] (Google LLC -> Google LLC)
Task: {A5A33354-A75F-4B61-8A26-5C7D5A6BBE26} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B5B41A1A-94F4-4CD7-A850-3B4E47890C38} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144272 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C1367C87-4EC4-4BB5-AD83-52D8F2951F78} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168880 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3C31023-B4E7-435A-86F5-D661E6FF8592} - System32\Tasks\AWCC\Update => C:\Program Files (x86)\InstallShield Installation Information\{D2DA930B-CB5D-4DD6-BF62-BE6C310A353D}\Update\IMSilentUpdate.exe [19888 2023-02-06] (Dell Inc -> )
Task: {D17368D8-8FCC-4D46-9DCD-B0DB96FF977F} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-31] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E9B6E18F-7FAB-45E7-BFEE-405C04DAAD88} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD97818A-E5B3-42B2-A3C0-724555B8E525} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1c6e5fee-2fa5-4be9-86f0-17fff26595be}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{215f2c17-614a-4fc6-80f0-54b3556e6a28}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{6bdb5fe4-356c-49dd-a681-34ee3faa2bc2}: [NameServer] 100.64.100.1

Edge:
=======
Edge Profile: C:\Users\fredp\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-11]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\fredp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-04-10]
Edge Extension: (Edge relevant text changes) - C:\Users\fredp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-06]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-03-30] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\fredp\AppData\Local\Google\Chrome\User Data\Default [2023-04-11]
CHR Notifications: Default -> hxxps://www.techguy.org
CHR Extension: (Google Docs Offline) - C:\Users\fredp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-31]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\fredp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-04-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fredp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-31]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Alienware Digital Delivery Services; C:\Program Files (x86)\Alienware Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-11-07] (Dell Inc -> )
R2 Alienware SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2022-10-26] (Dell Inc -> Dell INC.)
R2 AWCCService; C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe [20912 2023-02-22] (Dell Inc -> Dell Technologies)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [372736 2023-01-04] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12634544 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2022-11-08] (Dell Inc -> Dell Technologies Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [47320 2022-11-18] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-08-16] (Dell Inc -> Dell)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_ce09737aeee31fb0\DAX3API.exe [2299944 2022-08-17] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ExpressVPN App Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe [437096 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN System Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe [437096 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN VPN Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe [437096 2023-03-20] (EXPRSVPN LLC -> ExpressVPN)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [26792 2023-02-13] (Dell Inc -> Dell Inc.)
R2 IgoAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_06dbba3b0824e6c2\IgoAudioService_x64.exe [35000 2022-09-27] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelligo Technology Inc.)
S2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\\AS\\IAS\\IntelAudioService.exe [532024 ] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9098608 2023-04-10] (Malwarebytes Inc. -> Malwarebytes)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-01-31] (Dell Inc -> Dell Inc.)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2022-11-10] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [19456 2022-11-10] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmegpu.inf_amd64_50940ba92eaca245\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdmegpu.inf_amd64_50940ba92eaca245\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_3f818c4efacb8c98\amdacpafd.sys [412624 2022-08-15] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [35360 2022-06-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 amdpmf; C:\WINDOWS\System32\drivers\amdpmf.sys [105416 2021-12-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV19; C:\Program Files\Alienware\AMDRyzenMasterDriver\bin\AMDRyzenMasterDriver.sys [43336 2022-12-14] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0383439.inf_amd64_373282d24608ea94\B383240\amdkmdag.sys [94462328 2022-09-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 amdwirelessbutton; C:\WINDOWS\System32\drivers\amdwirelessbutton.sys [41712 2021-12-22] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AWCCDriver; C:\WINDOWS\System32\drivers\AWCCDriver.sys [42448 2023-01-19] (IndiLogic LLC -> Dell Inc.)
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [47472 2022-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [42456 2021-09-29] (Dell Inc -> OSR Open Systems Resources, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys [46712 2023-03-20] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [56552 2023-03-20] (Express VPN International Ltd. -> ExpressVPN)
S3 IntcSdwBus; C:\WINDOWS\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_4f92127e9a9f0760\IntcSdwBus.sys [509992 2022-06-02] (Intel Corporation -> Intel(R) Corporation)
S3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87208 2021-09-17] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [232072 2023-04-10] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77736 2023-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181816 2023-04-10] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsla3b05c1f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38F3890C-8EE3-4CFD-BF93-3D065B4142F3}\MpKslDrv.sys [211208 2023-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 MTKBTFilterX64; C:\WINDOWS\System32\drivers\mtkbtfilterx.sys [381360 2023-02-05] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1656696 2023-02-05] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [231496 2022-05-30] (Nvidia Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 rt25cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt25cx21x64.inf_amd64_89da3c8218c64ec3\rt25cx21x64.sys [652264 2022-05-20] (Realtek Semiconductor Corp. -> Realtek)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [61496 2023-03-20] (ExprsVPN LLC -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49608 2023-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [495896 2023-03-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-10 01:36 - 2023-04-10 01:36 - 008791352 _ (Malwarebytes) C:\Users\fredp\Downloads\AdwCleaner (2).exe
2023-04-10 01:35 - 2023-04-10 01:35 - 002649088 _ (Malwarebytes) C:\Users\fredp\Downloads\MBSetup-F7583306 (1).exe
2023-04-10 01:26 - 2023-04-10 01:26 - 008791352 _ (Malwarebytes) C:\Users\fredp\Downloads\AdwCleaner (1).exe
2023-04-10 01:26 - 2023-04-10 01:26 - 002649088 _ (Malwarebytes) C:\Users\fredp\Downloads\MBSetup-F7583306.exe
2023-04-10 01:22 - 2023-04-10 01:22 - 000232072 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2023-04-10 01:22 - 2023-04-10 01:22 - 000181816 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-04-10 01:22 - 2023-04-10 01:22 - 000002035 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-04-10 01:22 - 2023-04-10 01:22 - 000002023 _ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-04-10 01:22 - 2023-04-10 01:22 - 000000000 ____D C:\Users\fredp\AppData\Local\mbam
2023-04-10 01:21 - 2023-04-10 01:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-04-10 01:21 - 2023-04-10 01:21 - 000000000 ____D C:\Program Files\Malwarebytes
2023-04-10 01:12 - 2023-04-10 01:12 - 008791352 _ (Malwarebytes) C:\Users\fredp\Downloads\AdwCleaner.exe
2023-04-10 00:56 - 2023-04-10 00:56 - 000000861 _ C:\Users\fredp\Downloads\fixlist.txt
2023-04-09 23:59 - 2023-04-09 23:59 - 000000017 _ C:\Users\fredp\AppData\Local\resmon.resmoncfg
2023-04-09 00:21 - 2023-04-09 00:21 - 000003858 _ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2023-04-09 00:21 - 2023-04-09 00:21 - 000003416 _ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2023-04-08 23:35 - 2023-04-08 23:41 - 000001384 _ C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-04-08 23:35 - 2023-04-08 23:35 - 000000000 ____D C:\Users\fredp\AppData\Local\ESET
2023-04-08 18:49 - 2023-04-08 18:49 - 015274968 _ (ESET) C:\Users\fredp\Downloads\esetonlinescanner (1).exe
2023-04-08 04:30 - 2023-04-08 04:30 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2023-04-07 06:39 - 2023-04-07 06:44 - 501020672 _ C:\Users\fredp\Downloads\HomeStudent2021Retail.img
2023-04-07 05:57 - 2023-04-07 05:57 - 015274968 _ (ESET) C:\Users\fredp\Downloads\esetonlinescanner.exe
2023-04-07 05:48 - 2023-04-07 05:48 - 000000000 ____D C:\Users\fredp\Downloads\All_6
2023-04-07 05:42 - 2023-04-07 05:42 - 000000000 ____D C:\Users\fredp\Downloads\Get-ZimmermanTools
2023-04-07 05:39 - 2023-04-07 05:40 - 682108050 _ C:\Users\fredp\Downloads\All_6.zip
2023-04-07 05:37 - 2023-04-07 05:37 - 000015158 _ C:\Users\fredp\Downloads\Get-ZimmermanTools.zip
2023-04-07 04:49 - 2023-04-07 04:49 - 000082194 _ C:\Users\fredp\Downloads\FRST.txt
2023-04-07 04:42 - 2023-04-07 04:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-04-07 00:49 - 2023-04-07 00:49 - 001367688 _ (BraveSoftware Inc.) C:\Users\fredp\Downloads\BraveBrowserSetup32-BRV001.exe
2023-04-06 18:42 - 2023-04-08 22:34 - 000000000 ____D C:\Users\fredp\AppData\Roaming\IrfanView
2023-04-06 18:42 - 2023-04-06 18:42 - 004245976 _ (Irfan Skiljan) C:\Users\fredp\Downloads\iview462_x64_setup.exe
2023-04-06 18:42 - 2023-04-06 18:42 - 000000000 ____D C:\Program Files\IrfanView
2023-04-06 18:40 - 2023-04-06 18:40 - 000000000 ____D C:\Users\fredp\AppData\Local\ElevatedDiagnostics
2023-04-06 10:01 - 2023-04-06 10:01 - 000001063 _ C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2023-04-06 09:59 - 2023-04-06 09:59 - 095927184 _ C:\Users\fredp\Downloads\torbrowser-install-win64-12.0.4_ALL.exe
2023-04-06 05:19 - 2023-04-08 23:36 - 000000000 ____D C:\Users\fredp\AppData\Local\CrashDumps
2023-04-05 23:48 - 2023-04-08 15:32 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2023-04-05 23:48 - 2023-04-05 23:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\HardDiskSentinel
2023-04-05 23:48 - 2023-04-05 23:48 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Hard Disk Sentinel
2023-04-05 23:48 - 2023-04-05 23:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2023-04-05 22:51 - 2023-04-05 22:51 - 000000000 ____D C:\Users\Default\AppData\Local\Dell
2023-04-05 22:51 - 2023-04-05 22:51 - 000000000 ____D C:\ProgramData\Alienware Command Center
2023-04-05 22:32 - 2023-04-08 15:32 - 000000000 ____D C:\WINDOWS\Minidump
2023-04-05 22:30 - 2023-04-05 22:31 - 000000000 ____D C:\AdwCleaner
2023-04-05 22:03 - 2023-04-11 16:48 - 000000000 ____D C:\FRST
2023-04-03 23:24 - 2023-04-03 23:24 - 000000000 _ C:\WINDOWS\invcol.tmp
2023-04-01 23:46 - 2023-04-01 23:56 - 000003280 _ C:\WINDOWS\system32\Tasks\Optimize Push Notification Data File-S-1-5-21-3247745194-3029165324-3130719624-1001
2023-03-31 10:55 - 2023-04-10 04:55 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2023-03-31 10:55 - 2023-03-31 10:55 - 000003642 _ C:\WINDOWS\system32\Tasks\PowerENGAGE
2023-03-31 10:55 - 2023-03-31 10:55 - 000000000 ____D C:\Users\fredp\AppData\Roaming\PowerENGAGE
2023-03-31 10:55 - 2023-03-31 10:55 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Brother
2023-03-31 10:55 - 2023-03-31 10:55 - 000000000 ____D C:\Users\fredp\AppData\Local\Brother
2023-03-31 10:53 - 2023-03-31 10:56 - 000000000 ____D C:\Program Files (x86)\Browny02
2023-03-31 10:53 - 2023-03-31 10:53 - 000002127 _ C:\Users\Public\Desktop\Brother Creative Center.lnk
2023-03-31 10:53 - 2023-03-31 10:53 - 000001692 _ C:\Users\Public\Desktop\Brother Utilities.lnk
2023-03-31 10:53 - 2023-03-31 10:53 - 000000964 _ C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2023-03-31 10:53 - 2023-03-31 10:53 - 000000000 ____D C:\ProgramData\PCFaxTx
2023-03-31 10:53 - 2023-03-31 10:53 - 000000000 ____D C:\ProgramData\PCFaxRx
2023-03-31 10:53 - 2023-03-31 10:53 - 000000000 ____D C:\Program Files (x86)\PC-FAXReceive
2023-03-31 10:53 - 2019-10-29 12:52 - 000318464 _ ( ) C:\WINDOWS\system32\BrFaxTxAppRunA64.dll
2023-03-31 10:53 - 2019-10-29 12:52 - 000000000 _ C:\WINDOWS\Brpfx04a.ini
2023-03-31 10:52 - 2019-09-26 16:19 - 000121344 _ () C:\WINDOWS\system32\BrNetSti.dll
2023-03-31 10:52 - 2019-07-12 15:45 - 000670208 _ C:\WINDOWS\system32\NSSRH64.dll
2023-03-31 10:52 - 2019-07-12 15:45 - 000072192 _ () C:\WINDOWS\system32\BrWiaNCp.dll
2023-03-31 10:52 - 2019-07-12 15:45 - 000065024 _ () C:\WINDOWS\system32\Brnsplg.dll
2023-03-31 10:43 - 2023-03-31 10:53 - 000000000 ____D C:\Program Files (x86)\Brother
2023-03-31 10:38 - 2023-03-31 10:42 - 277743840 _ (SOURCENEXT CORPORATION) C:\Users\fredp\Downloads\Y20C_C2_UWC_PP-usa-inst-B2.EXE
2023-03-31 10:36 - 2023-03-31 10:56 - 000000000 ____D C:\ProgramData\Brother
2023-03-31 10:34 - 2023-03-31 10:35 - 000000000 ____D C:\Users\fredp\Downloads\EasySetup_2_0_16_1
2023-03-31 10:18 - 2023-03-31 10:19 - 073119328 _ (SOURCENEXT CORPORATION) C:\Users\fredp\Downloads\EasySetup_2_0_16_1.EXE
2023-03-31 01:28 - 2023-03-31 01:28 - 000000000 ___HD C:\$WinREAgent
2023-03-31 00:55 - 2023-04-11 16:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2023-03-31 00:55 - 2023-03-31 00:55 - 000000000 ____D C:\Program Files\PowerToys
2023-03-31 00:50 - 2023-03-31 00:50 - 000000000 ____D C:\Users\fredp\AppData\Local\OneDrive
2023-03-31 00:45 - 2023-03-31 00:50 - 000000000 ____D C:\Users\fredp\AppData\Local\ExpressVPN
2023-03-31 00:45 - 2023-03-31 00:45 - 000002174 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2023-03-31 00:45 - 2023-03-31 00:45 - 000002162 _ C:\Users\Public\Desktop\ExpressVPN.lnk
2023-03-31 00:45 - 2023-03-31 00:45 - 000000000 ____D C:\Users\fredp\OneDrive\Documents\OneNote Notebooks
2023-03-31 00:45 - 2023-03-31 00:45 - 000000000 ____D C:\Users\fredp\AppData\Local\ToastNotificationManagerCompat
2023-03-31 00:45 - 2023-03-31 00:45 - 000000000 ____D C:\ProgramData\ExpressVPN
2023-03-31 00:45 - 2023-03-31 00:45 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2023-03-31 00:45 - 2023-01-26 16:31 - 000000173 ____R C:\Users\fredp\OneDrive\Documents\Fred's Notebook.url
2023-03-31 00:34 - 2023-03-31 00:34 - 000000000 ____D C:\Program Files (x86)\DummyDir
2023-03-31 00:28 - 2023-04-11 16:43 - 000001623 _ C:\WINDOWS\system32\config\VSMIDK
2023-03-31 00:26 - 2023-04-10 02:12 - 000000000 ____D C:\ProgramData\LogMeIn
2023-03-31 00:26 - 2023-03-31 00:26 - 000000000 ____D C:\Users\fredp\AppData\Local\LogMeIn
2023-03-31 00:23 - 2023-04-10 02:08 - 000000000 ____D C:\Users\fredp\AppData\Local\LogMeInIgnition
2023-03-31 00:23 - 2023-04-06 07:34 - 000000000 ____D C:\Program Files (x86)\LogMeIn Ignition
2023-03-31 00:23 - 2023-03-31 00:23 - 000002023 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2023-03-31 00:23 - 2023-03-31 00:23 - 000000000 ____D C:\Users\fredp\AppData\Roaming\LogMeInIgnition
2023-03-31 00:22 - 2023-03-31 00:22 - 010297344 _ C:\Users\fredp\Downloads\LogMeInIgnition.msi
2023-03-31 00:16 - 2023-04-08 00:08 - 000002440 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-31 00:16 - 2023-03-31 00:16 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-03-31 00:16 - 2023-03-30 23:24 - 000000000 ____D C:\WINDOWS\Panther
2023-03-31 00:16 - 2023-03-30 23:24 - 000000000 ____D C:\Windows.old
2023-03-31 00:12 - 2023-03-31 00:12 - 000000000 ____D C:\WINDOWS\Firmware
2023-03-31 00:11 - 2023-03-31 00:11 - 000008192 _ C:\WINDOWS\system32\config\userdiff
2023-03-31 00:06 - 2023-04-05 03:11 - 000002504 _ C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-03-31 00:06 - 2023-03-31 00:06 - 000003760 _ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3247745194-3029165324-3130719624-1001UA{5C13E383-669F-4A21-882B-FCE035D77A95}
2023-03-31 00:06 - 2023-03-31 00:06 - 000003492 _ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3247745194-3029165324-3130719624-1001Core{87E8B378-C78F-418C-B98F-6454B91A9922}
2023-03-31 00:03 - 2023-03-30 23:22 - 000000000 ___HD C:\$SysReset
2023-03-30 23:56 - 2023-03-30 23:56 - 000000000 ____D C:\Users\fredp\AppData\Local\Comms
2023-03-30 23:52 - 2023-03-31 00:07 - 000000000 ____D C:\Users\fredp\AppData\Local\Google
2023-03-30 23:52 - 2023-03-30 23:52 - 001427176 _ (Google LLC) C:\Users\fredp\Downloads\ChromeSetup.exe
2023-03-30 23:45 - 2023-04-07 00:56 - 000000000 ____D C:\Users\fredp\AppData\LocalLow\Mozilla
2023-03-30 23:45 - 2023-04-06 10:01 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-03-30 23:41 - 2023-03-30 23:41 - 000000000 ____D C:\Users\fredp\AppData\Local\Publishers
2023-03-30 23:33 - 2023-03-30 23:33 - 000000000 ____D C:\Users\fredp\AppData\Local\Dell
2023-03-30 23:30 - 2023-04-05 23:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-03-30 23:27 - 2023-03-30 23:27 - 000000000 ____D C:\Users\fredp\AppData\Local\CEF
2023-03-30 23:26 - 2023-04-08 00:07 - 000000000 ____D C:\Users\fredp\AppData\Local\PlaceholderTileLogoFolder
2023-03-30 23:26 - 2023-04-05 21:22 - 000003592 _ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3247745194-3029165324-3130719624-1001
2023-03-30 23:26 - 2023-04-05 21:22 - 000003380 _ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3247745194-3029165324-3130719624-1001
2023-03-30 23:26 - 2023-04-05 21:22 - 000002385 _ C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-30 23:26 - 2023-03-30 23:26 - 000000000 ____D C:\Users\fredp\AppData\Local\NVIDIA
2023-03-30 23:26 - 2023-03-30 23:26 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-03-30 23:25 - 2023-04-11 16:47 - 000804932 _ C:\WINDOWS\system32\PerfStringBackup.INI
2023-03-30 23:25 - 2023-03-30 23:25 - 000000000 ____D C:\Users\fredp\AppData\Local\Downloaded Installations
2023-03-30 23:24 - 2023-04-10 02:08 - 000000000 ____D C:\Users\fredp\AppData\Local\D3DSCache
2023-03-30 23:24 - 2023-04-08 20:36 - 000000000 ____D C:\Users\fredp\AppData\Local\Packages
2023-03-30 23:24 - 2023-03-31 00:45 - 000000000 ____D C:\Users\fredp\AppData\Local\ConnectedDevicesPlatform
2023-03-30 23:24 - 2023-03-31 00:26 - 000000000 ____D C:\Users\fredp\AppData\Local\AMD
2023-03-30 23:24 - 2023-03-30 23:27 - 000000000 ____D C:\Users\fredp\AppData\Local\NVIDIA Corporation
2023-03-30 23:24 - 2023-03-30 23:24 - 000000020 ___SH C:\Users\fredp\ntuser.ini
2023-03-30 23:24 - 2023-03-30 23:24 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Adobe
2023-03-30 23:24 - 2023-03-30 23:24 - 000000000 ____D C:\Users\fredp\AppData\Local\VirtualStore
2023-03-30 23:22 - 2023-04-11 16:43 - 000003310 _ C:\WINDOWS\system32\Tasks\iGoAudioTask
2023-03-30 23:22 - 2023-04-11 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-03-30 23:22 - 2023-04-05 22:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\AWCC
2023-03-30 23:22 - 2023-04-04 21:27 - 000003536 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-30 23:22 - 2023-04-04 21:27 - 000003412 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-30 23:22 - 2023-03-31 00:28 - 000003368 _ C:\WINDOWS\system32\Tasks\iGoAudioTaskSession
2023-03-30 23:22 - 2023-03-30 23:31 - 000003952 _ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2023-03-30 23:22 - 2023-03-30 23:22 - 000003398 _ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000003152 _ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002948 _ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002948 _ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002948 _ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002948 _ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:22 - 2023-03-30 23:22 - 000002914 _ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-30 23:21 - 2023-04-11 16:43 - 000000000 ____D C:\Users\fredp
2023-03-30 23:18 - 2023-04-11 16:43 - 000000000 ____D C:\ProgramData\NVIDIA
2023-03-30 23:18 - 2023-04-01 20:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-03-30 23:18 - 2023-03-30 23:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2023-03-30 23:18 - 2023-03-30 23:18 - 000000000 ____D C:\ProgramData\Dolby
2023-03-30 23:17 - 2023-04-11 16:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-03-30 23:17 - 2023-04-08 15:32 - 000474848 _ C:\WINDOWS\system32\FNTCACHE.DAT
2023-03-30 23:17 - 2023-03-30 23:20 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-03-30 23:17 - 2023-03-30 23:17 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-03-30 23:17 - 2023-03-30 23:17 - 000000000 ____D C:\Program Files\AMD
2023-03-30 21:59 - 2023-03-30 21:59 - 039691408 _ (Dell Inc.) C:\Users\fredp\Downloads\MediaTek-MT7921-MT7922-Wi-Fi-UWD-Driver_89KDF_WIN_3.3.3.760_A11_01.EXE
2023-03-30 21:59 - 2023-03-30 21:59 - 039691408 _ (Dell Inc.) C:\Users\fredp\Downloads\MediaTek-MT7921-MT7922-Wi-Fi-UWD-Driver_89KDF_WIN_3.3.3.760_A11_01 (1).EXE
2023-03-30 21:56 - 2023-03-30 21:56 - 000702816 _ (Dell Inc.) C:\Users\fredp\Downloads\SupportAssistLauncher.exe
2023-03-28 22:16 - 2023-03-28 22:16 - 048184842 _ (SomePythonThings ) C:\Users\fredp\Downloads\ElevenClock.Installer.exe
2023-03-28 21:25 - 2023-03-28 21:25 - 000000000 ____D C:\Users\fredp\OneDrive\Documents\PowerToys
2023-03-28 21:24 - 2023-03-31 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2023-03-28 18:44 - 2023-03-28 18:44 - 000001038 _ C:\Users\fredp\Downloads\Export-23032901423089219967a149bfe3.zip
2023-03-27 03:38 - 2023-03-27 03:39 - 000016658 _ C:\Users\fredp\OneDrive\Documents\cc_20230327_033852.reg
2023-03-27 02:25 - 2023-03-27 02:25 - 000000452 _ C:\Users\fredp\OneDrive\Documents\cc_20230327_022503.reg
2023-03-27 02:24 - 2023-03-27 02:24 - 000083484 _ C:\Users\fredp\OneDrive\Documents\cc_20230327_022420.reg
2023-03-27 02:24 - 2023-03-27 02:24 - 000006088 _ C:\Users\fredp\OneDrive\Documents\cc_20230327_022443.reg
2023-03-27 01:44 - 2023-03-31 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-03-27 01:44 - 2023-03-27 01:44 - 000000980 _ C:\Users\fredp\Downloads\Documents - Shortcut.lnk
2023-03-27 01:43 - 2023-03-27 01:43 - 054286968 _ (Piriform Software Ltd) C:\Users\fredp\Downloads\ccsetup610.exe
2023-03-27 00:29 - 2023-03-27 00:29 - 000000000 ___DL C:\E
2023-03-27 00:14 - 2023-03-27 00:14 - 000000000 ___RD C:\Users\fredp\OneDrive\Documents\DellInc.DellSupportAssistforPCs_htrsf667h5kn2!App
2023-03-24 15:14 - 2023-03-24 15:14 - 000000000 ___RD C:\Users\fredp\OneDrive\Documents\Microsoft.DiagnosticDataViewer_8wekyb3d8bbwe!App
2023-03-24 03:26 - 2023-03-24 03:26 - 000000000 ____D C:\Users\fredp\OneDrive\Documents\Custom Office Templates
2023-03-24 02:18 - 2023-03-24 02:18 - 000000000 ____H C:\Users\fredp\OneDrive\Documents\Default.rdp
2023-03-22 03:19 - 2023-03-22 03:19 - 062664616 _ (ExpressVPN) C:\Users\fredp\Downloads\expressvpn_windows_12.46.0.42_release.exe
2023-03-20 23:17 - 2023-03-31 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2023-03-20 16:45 - 2023-03-20 16:45 - 000061496 _ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
2023-03-20 16:45 - 2023-03-20 16:45 - 000056552 _ (ExpressVPN) C:\WINDOWS\system32\Drivers\expressvpn-tun.sys
2023-03-20 07:16 - 2023-03-20 07:16 - 000391315 _ C:\Users\fredp\Downloads\3509-230318-Opp Ex Parte Final.pdf
2023-03-20 06:11 - 2023-03-20 06:11 - 000347441 _ C:\Users\fredp\Downloads\LTR ISR 4533-7120 draft (Natha)(18414727.1).pdf
2023-03-19 23:42 - 2023-03-19 23:42 - 000174843 _ C:\Users\fredp\Downloads\3509-230317-Ex Parte App to Cont Trial and Prop Ord-Amirtalesh.pdf
2023-03-12 19:36 - 2023-03-12 19:36 - 002580896 _ (Malwarebytes) C:\Users\fredp\Downloads\MBSetup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-11 16:47 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF
2023-04-11 16:45 - 2023-01-19 10:26 - 000000000 ____D C:\Program Files (x86)\Alienware Digital Delivery Services
2023-04-11 16:43 - 2023-01-19 10:15 - 000012288 ___SH C:\DumpStack.log.tmp
2023-04-11 16:43 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-04-11 16:43 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-10 01:22 - 2022-05-06 22:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-04-10 01:09 - 2022-05-06 22:17 - 000524288 _ C:\WINDOWS\system32\config\BBI
2023-04-10 01:06 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-08 15:32 - 2023-01-19 09:59 - 002715361 ____N C:\WINDOWS\Minidump\040823-20484-01.dmp
2023-04-08 00:08 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-08 00:08 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-07 06:02 - 2023-01-26 16:29 - 000000000 __RHD C:\Users\fredp\OneDrive
2023-04-07 06:02 - 2023-01-19 10:26 - 000000000 ____D C:\ProgramData\Packages
2023-04-07 04:42 - 2023-01-19 10:26 - 000002395 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-04-07 04:42 - 2023-01-19 10:26 - 000000000 ____D C:\Program Files\Microsoft Office
2023-04-06 18:42 - 2023-02-13 00:23 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2023-04-05 22:52 - 2023-01-19 10:23 - 000000000 ____D C:\Program Files\Alienware
2023-04-05 22:52 - 2023-01-19 10:18 - 000000000 ____D C:\ProgramData\Package Cache
2023-04-05 22:51 - 2023-01-19 10:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-04-05 22:51 - 2023-01-19 10:18 - 000000000 ____D C:\Program Files (x86)\Dell
2023-04-05 22:32 - 2023-01-19 09:59 - 002552063 ____N C:\WINDOWS\Minidump\040523-16296-01.dmp
2023-04-05 02:43 - 2022-05-24 21:28 - 000000000 ____D C:\dell
2023-04-03 23:24 - 2023-01-19 10:18 - 000000000 ____D C:\ProgramData\Dell
2023-04-03 01:22 - 2023-01-19 10:18 - 000000000 ____D C:\Program Files\Dell
2023-03-31 10:27 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\UUS
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-03-31 01:33 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-03-31 00:16 - 2023-01-26 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-03-31 00:16 - 2022-05-06 22:28 - 000000000 ____D C:\WINDOWS\Setup
2023-03-31 00:16 - 2022-05-06 22:24 - 000028672 _ C:\WINDOWS\system32\config\BCD-Template
2023-03-31 00:16 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-03-31 00:15 - 2022-05-06 22:25 - 000209920 _ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-03-31 00:15 - 2022-05-06 22:24 - 000249856 _ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\Globalization
2023-03-31 00:15 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-03-30 23:40 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-03-30 23:40 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\servicing
2023-03-30 23:32 - 2023-01-19 10:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-03-30 23:32 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-03-30 23:32 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-03-30 23:30 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-03-30 23:24 - 2023-01-19 10:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-03-30 23:24 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2023-03-30 23:24 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-03-30 23:22 - 2023-02-23 14:12 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-03-30 23:22 - 2023-01-26 22:11 - 000000000 ____D C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-03-30 23:22 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-03-30 23:22 - 2022-05-06 22:17 - 000032768 _ C:\WINDOWS\system32\config\ELAM
2023-03-30 23:20 - 2023-01-19 10:28 - 000000000 ____D C:\WINDOWS\{427AB09C-B3AD-4EB7-9D73-6D584684FE91}
2023-03-30 23:20 - 2023-01-19 10:28 - 000000000 ____D C:\Program Files (x86)\Alienware Update
2023-03-30 23:20 - 2023-01-19 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-03-30 23:20 - 2023-01-19 10:26 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-03-30 23:20 - 2023-01-19 10:25 - 000000000 ____D C:\WINDOWS\nvmup
2023-03-30 23:20 - 2023-01-19 10:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-03-30 23:20 - 2023-01-19 10:25 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-03-30 23:20 - 2023-01-19 10:24 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-03-30 23:20 - 2023-01-19 10:23 - 000000000 ____D C:\ProgramData\Alienware
2023-03-30 23:20 - 2023-01-19 10:10 - 000000000 ____D C:\WINDOWS\scratch
2023-03-30 23:20 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-03-30 23:19 - 2023-01-19 10:27 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-03-30 23:19 - 2023-01-19 10:18 - 000000000 ____D C:\Program Files\dotnet
2023-03-30 23:19 - 2023-01-19 10:14 - 000000000 ____D C:\backup
2023-03-30 23:19 - 2023-01-19 10:01 - 000000000 ____D C:\MFG
2023-03-30 23:19 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-03-30 23:19 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-03-30 23:17 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ServiceState

==================== Files in the root of some directories ========

2023-01-19 10:26 - 2021-05-14 04:42 - 000000235 _ () C:\ProgramData\LaunchOSDonce.vbs
2023-04-09 23:59 - 2023-04-09 23:59 - 000000017 _ () C:\Users\fredp\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-04-2023
Ran by fredp (11-04-2023 16:49:50)
Running from C:\Users\fredp\OneDrive\Desktop
Microsoft Windows 11 Home Version 22H2 22621.1485 (X64) (2023-03-31 06:24:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3247745194-3029165324-3130719624-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3247745194-3029165324-3130719624-503 - Limited - Disabled)
fredp (S-1-5-21-3247745194-3029165324-3130719624-1001 - Administrator - Enabled) => C:\Users\fredp
Guest (S-1-5-21-3247745194-3029165324-3130719624-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3247745194-3029165324-3130719624-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alienware CC Components for AWCC (1.1.37.0) (HKLM\...\Alienware CC Components for AWCC) (Version: 1.1.37.0 - Dell Inc) Hidden
Alienware Command Center Package Manager (HKLM-x32\...\{D2DA930B-CB5D-4DD6-BF62-BE6C310A353D}) (Version: 5.5.43.0 - Dell Inc.)
Alienware Command Center Suite (HKLM\...\{68089185-71B6-4DB5-8BD9-0F21D19BD744}) (Version: 5.5.43.0 - Dell Inc.) Hidden
Alienware Command Center Suite (HKLM-x32\...\InstallShield_{68089185-71B6-4DB5-8BD9-0F21D19BD744}) (Version: 5.5.43.0 - Dell Inc.) Hidden
Alienware Digital Delivery Services (HKLM-x32\...\{CF95CED4-3A1E-4486-B7FA-428C25D617ED}) (Version: 5.0.64.0 - Dell Inc.)
Alienware FX Display Smart Installer (2.2.11.0) (HKLM\...\AWFXDisp_SmartInstaller) (Version: 2.2.11.0 - Dell Inc) Hidden
Alienware FX Display001 Smart Installer (2.4.1.205) (HKLM\...\{ACFDF14D-FCE6-4D6E-AD2B-BEFAF66FDAF4}_is1) (Version: 2.4.1.205 - Dell Inc.) Hidden
Alienware OC Controls (HKLM-x32\...\{24b87c1a-6ce2-4d88-ba35-c17b38acba62}) (Version: 1.4.26.1430 - Dell Inc) Hidden
Alienware OCControls Service Installer (HKLM\...\{0E2007DF-D030-449E-892F-E09FF4F8ECAE}) (Version: 1.4.26.1430 - DELL Inc) Hidden
Alienware SupportAssist OS Recovery Plugin for Alienware Update (HKLM\...\{7DFEC04C-4CBC-4013-AAA2-A1E7B1CD135B}) (Version: 5.5.5.16208 - Dell Inc.) Hidden
Alienware SupportAssist OS Recovery Plugin for Alienware Update (HKLM-x32\...\{ab3f7261-beee-49b8-b31a-27dd1dfd122d}) (Version: 5.5.5.16208 - Dell Inc.)
Alienware SupportAssist Remediation (HKLM\...\{DEF2160E-12B6-477C-9D55-DF4B100E3E2B}) (Version: 5.5.5.16208 - Dell Inc.) Hidden
Alienware SupportAssist Remediation (HKLM-x32\...\{9dd30d6d-7999-4e32-9295-a2d7ece703ba}) (Version: 5.5.5.16208 - Dell Inc.)
Alienware Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.3.0 - Dell Inc.)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
BrLauncher (HKLM-x32\...\{9D02508E-D7FF-4DC4-B423-B4C2AD42FAC5}) (Version: 2.0.27.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{3DEA56AB-0899-41DF-8C4F-0A608FD36904}) (Version: 10.5.0.74 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{d0c84829-3b3f-46d1-b292-e3fb77d972c2}) (Version: 10.5.0.74 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{79262B43-9E15-4732-A034-BFD29D9BD077}) (Version: 1.4.1.0 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{F9496A68-777D-4B9F-A72B-34FCA4AB6D55}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{DC05CAEF-CDB0-4DAA-A8A1-5B72B4714FD3}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{2326DFD5-AF8C-46B0-B2BA-943999A62FB9}) (Version: 1.0.12.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{8B58D1A2-DFAD-4069-A0C0-7FD272B68BB3}) (Version: 1.0.30.0 - Brother Industries Ltd.) Hidden
Dell SupportAssist (HKLM\...\{82B84211-71FD-4AB7-87D1-68568646860F}) (Version: 3.13.2.14 - Dell Inc.)
ExpressVPN (HKLM-x32\...\{bbf35f5e-ff68-491e-be69-1772c80b4a8f}) (Version: 12.46.0.42 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B898AD785B}) (Version: 12.46.0.42 - ExpressVPN) Hidden
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.2.14.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{6e578348-d226-4341-a69f-26274feac293}) (Version: 2.2.14.0 - Dell.Inc)
Google Chrome (HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\Google Chrome) (Version: 111.0.5563.148 - Google LLC)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 6.01 - Janos Mathe)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HttpToUsbBridge (HKLM-x32\...\{E2D35939-25BF-4EC8-BF6D-F9C0AF8ECC11}) (Version: 2.0.30.1 - Brother Industries Ltd.)
IrfanView 4.62 (64-bit) (HKLM\...\IrfanView64) (Version: 4.62 - Irfan Skiljan)
LogMeIn Client (HKLM-x32\...\{71B8933C-E625-4B0D-9A9D-343ED72F3BC2}) (Version: 1.3.5398 - LogMeIn, Inc.)
Malwarebytes version 4.5.26.259 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.26.259 - Malwarebytes)
Microsoft .NET Host - 6.0.9 (x64) (HKLM\...\{C30ABA3F-32C0-43D1-B3B8-9AEFD58A15D9}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.9 (x64) (HKLM\...\{FD10B803-97FD-4867-9753-8784BC35D2F8}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.9 (x64) (HKLM\...\{0B4F742D-2D47-4E95-B756-402822D31C48}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.34 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\OneDriveSetup.exe) (Version: 23.061.0319.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16227.20258 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29914 (HKLM-x32\...\{BD8C6100-7C7D-48DD-93BA-69F6828213FE}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29914 (HKLM-x32\...\{42365A3A-622A-4EED-A727-FE192A794AFD}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.9 (x64) (HKLM\...\{C1CD2FC1-92E6-4DE2-89D8-6D309881856F}) (Version: 48.39.47171 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.9 (x64) (HKLM-x32\...\{569b351b-451b-48db-a2c7-7beb63411666}) (Version: 6.0.9.31620 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{A195CE5F-17C2-4BC1-AFE1-665695F8FF2E}) (Version: 1.2.23.0 - Brother Industries, Ltd.) Hidden
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.80 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16227.20204 - Microsoft Corporation) Hidden
PC-FAXReceive (HKLM-x32\...\{56D227E7-9A8E-4EFC-8401-1FFFF7DBA13B}) (Version: 1.8.421.0 - Brother Industries, Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{4A924D32-17F1-4EFC-B2D8-BBCF1BC6E26C}) (Version: 3.7.15.1 - Brother Industries Ltd.) Hidden
PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden
PowerToys (Preview) (HKLM\...\{7F0C3584-ED21-4282-9931-50D173C2CCE5}) (Version: 0.68.1 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{51efee50-0959-4cb6-8958-e1c1ba33fbdf}) (Version: 0.68.1 - Microsoft Corporation)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9369.1 - Realtek Semiconductor Corp.)
ScannerUtilityInstaller (HKLM-x32\...\{D94DD953-F38C-4220-A17C-9217106510A6}) (Version: 1.20.0.1 - Brother) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{3D1AD910-B82B-4635-B1C3-0CEF9F6F3D34}) (Version: 1.0.21.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{2CA4537C-19BA-47F5-88A6-7C9DB6BD37B4}) (Version: 1.35.1.0 - Brother Industries, Ltd.) Hidden
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden

Packages:
=========
Alienware Customer Connect -> C:\Program Files\WindowsApps\DellInc.AlienwareCustomerConnect_5.4.1.0_x64__htrsf667h5kn2 [2023-03-30] (Dell Inc)
Alienware Digital Delivery -> C:\Program Files\WindowsApps\DellInc.AlienwareDigitalDelivery_5.0.64.0_x64__htrsf667h5kn2 [2023-04-01] (Dell Inc)
Alienware OnScreen Display -> C:\Program Files\WindowsApps\dellinc.alienwareonscreendisplay_1.10.2.0_x86__htrsf667h5kn2 [2023-03-30] (Dell Inc)
Alienware Update -> C:\Program Files\WindowsApps\DellInc.AlienwareUpdate_4.8.20.0_x86__htrsf667h5kn2 [2023-03-30] (Dell Inc)
All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2023-04-05] (Thoroughsoft)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\dellinc.dellsupportassistforpcs_3.13.7.0_x64__htrsf667h5kn2 [2023-03-31] (Dell Inc)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_4.2209.22941.0_x64__8wekyb3d8bbwe [2023-04-05] (Microsoft Corporation)
Direct Whois -> C:\Program Files\WindowsApps\KomodexSystems.DirectWhois_1.0.0.0_neutral__2164brwjfsjmg [2023-04-05] (Komodex Systems)
Dolby Access -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaccess_3.16.352.0_x64__rz1tebttyb220 [2023-03-30] (Dolby Laboratories)
Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.2.244.0_x64__rz1tebttyb220 [2023-03-30] (Dolby Laboratories)
intelliGo Neptune -> C:\Program Files\WindowsApps\IntelligoTechnologyInc.intelliGoNeptune_1.0.112.0_x64__zzw691tb7va64 [2023-03-30] (Intelligo Technology Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-04-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-04-05] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-03-30] (Microsoft Corp.)
Mozilla Firefox -> C:\Program Files\WindowsApps\Mozilla.Firefox_111.0.1.0_x64__n80bbvh6b1yt2 [2023-03-30] (Mozilla)
ms-resource:app_name_ms_todo -> C:\Program Files\WindowsApps\Microsoft.Todos_2.93.6831.0_x64__8wekyb3d8bbwe [2023-04-05] (Microsoft Corporation) [Startup Task]
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.50901.0_x64__8wekyb3d8bbwe [2023-03-30] (Microsoft Corporation)
My Alienware -> C:\Program Files\WindowsApps\DellInc.MyAlienware_2.2.4.0_x64__htrsf667h5kn2 [2023-03-30] (Dell Inc)
Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2023-04-05] (Shipwreck Software) [MS Ad]
Network Usage -> C:\Program Files\WindowsApps\7340RobertDurfee.NetworkUsage_3.1.8.0_x64__ygerwv1yqg9j8 [2023-04-05] (Robert Durfee)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\nvidiacorp.nvidiacontrolpanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-30] (NVIDIA Corp.)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.6154.0_x64__8wekyb3d8bbwe [2023-03-30] (Microsoft Corporation) [Startup Task]
PowerToys ImageResizer Context Menu -> C:\Program Files\PowerToys\modules\ImageResizer [2023-03-31] (0)
PowerToys PowerRename Context Menu -> C:\Program Files\PowerToys\modules\PowerRename [2023-03-31] (0)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.39.279.0_x64__dt26b99r8h8gj [2023-03-30] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-30] (Microsoft Studios) [MS Ad]
Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.8.0_x64__cw5n1h2txyewy [2023-04-06] (Microsoft Windows)
System Internals -> C:\Program Files\WindowsApps\58380Millionerd.55815960D4FD3_2.3.55.0_neutral__gvk782kz518e0 [2023-04-06] (Million)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2023-03-31] (Matt Hafner)
WiFi Manager -> C:\Program Files\WindowsApps\62283sudanec.WiFiManager_2.0.1.0_x64__jtya06md77q40 [2023-04-05] (sudanec)
WLAN-Monitor -> C:\Program Files\WindowsApps\42667Pinqinselektrostube.32892633D96D_1.1.0.0_x64__5d58qq83w4ter [2023-04-05] (Pinqinselektrostube)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{1F9E0710-2073-435F-9C1B-F29946205947}\InprocServer32 -> C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{3f5d0051-61b8-0f45-6166-996cfb4f914f}\localserver32 -> C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{745fba2b-78ca-4eaf-6688-ba4f69a60391}\localserver32 -> C:\Program Files\Alienware\Alienware Command Center\AWCC.Background.Server.exe (Dell Inc -> Dell Technologies)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\fredp\AppData\Local\Google\Chrome\Application\111.0.5563.148\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\fredp\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3247745194-3029165324-3130719624-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdmegpu.inf_amd64_50940ba92eaca245\nvshext.dll [2022-06-14] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-10] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 _ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2022-11-10 18:46 - 2022-11-10 18:46 - 000543744 _ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2022-12-01 00:53 - 2022-12-01 00:53 - 001874432 _ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2022-12-01 00:53 - 2022-12-01 00:53 - 000020480 _ () [File not signed] C:\Program Files (x86)\Browny02\OfferingService.dll
2019-01-10 13:04 - 2019-01-10 13:04 - 001704960 _ () [File not signed] C:\Program Files (x86)\PowerENGAGE\ffmpeg.dll
2019-01-10 13:04 - 2019-01-10 13:04 - 000015872 _ () [File not signed] C:\Program Files (x86)\PowerENGAGE\libegl.dll
2019-01-10 13:04 - 2019-01-10 13:04 - 002707968 _ () [File not signed] C:\Program Files (x86)\PowerENGAGE\libglesv2.dll
2023-03-31 10:52 - 2019-09-26 16:19 - 000121344 _ () [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 ____N (easyhook.codeplex.com) [File not signed] C:\ProgramData\Dolby\DAX3\RADARHOST\EasyHook64.dll
2019-01-10 13:04 - 2019-01-10 13:04 - 014199296 _ (Node.js) [File not signed] C:\Program Files (x86)\PowerENGAGE\node.dll
2022-11-07 12:53 - 2022-11-07 12:53 - 001548800 _ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Alienware Digital Delivery Services\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-06 22:24 - 2022-05-06 22:22 - 000000824 _ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\fredp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 100.64.100.1 - 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_84F953FEB4B40174043D59B459EAF93F"
HKU\S-1-5-21-3247745194-3029165324-3130719624-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{13E84BE4-9861-4460-9EC5-67E6113D149A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9709BA26-B5C2-4DE9-8DBC-6ED379A6FD23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{673870B4-62D9-463E-81A3-A5F8AA6F8B05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{A9D2C093-3C80-405D-9B38-8C1B151083AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{16C2FC97-5C84-42E1-B2EF-5DBAE74A3508}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D8D9112E-EFD0-4291-89D2-1A5AEB58509C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{0BAC1BED-23F5-4956-AF04-C75C0ED4E7BB}C:\users\fredp\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\fredp\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{91509B0A-65AE-4F1D-8FB6-3D3AD8459109}C:\users\fredp\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\fredp\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{03A9AC68-F811-4447-8FC9-ED6EF6DB54D6}] => (Allow) LPort=54925
FirewallRules: [{655A344F-7915-488F-9EB0-2B3BFF541E0B}] => (Allow) LPort=54950
FirewallRules: [{4FD38828-B9B7-4954-AE09-0B6500EEB2A6}] => (Allow) LPort=54955
FirewallRules: [{38D1B3CB-7B07-45BA-BED4-FB87A62F3912}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{4A944CEC-A899-40AA-82E6-C46A3ED032F5}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{9BAC68D4-F2ED-4548-9AAB-4F6643DEECF3}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrPrintFinishNotice\BrPrintFinishNotice.exe (Brother Industries, Ltd. -> )
FirewallRules: [{4E655236-DED2-4A04-9857-2291216C1F14}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrPrintFinishNotice\BrPrintFinishNotice.exe (Brother Industries, Ltd. -> )
FirewallRules: [TCP Query User{B0604404-BA95-4557-BB66-0612903F16A9}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{91C6244B-3DDF-406D-B428-DAE208A7D660}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{7CB63A66-C35F-4D5B-8147-65C9E09501D6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> )
FirewallRules: [{0BAF2920-A21F-4A30-8ED6-27233C91DCE1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> )
FirewallRules: [{D0F95F91-5DDD-4682-BF1F-CFB0B6243DBD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

10-04-2023 01:05:28 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/11/2023 04:43:35 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (04/11/2023 04:43:35 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (04/11/2023 04:43:35 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (04/11/2023 04:43:35 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (04/11/2023 04:43:35 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 127.0.0.1

Error: (04/11/2023 04:43:35 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: ::1

Error: (04/11/2023 04:43:35 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2

Error: (04/11/2023 04:43:35 PM) (Source: USBAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.


System errors:
=============
Error: (04/11/2023 04:45:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HKKIPON)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (04/11/2023 04:43:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The IntelAudioService service terminated with the following service-specific error:
The operation completed successfully.

Error: (04/11/2023 04:43:34 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (04/11/2023 04:43:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:01:46 AM on ‎4/‎10/‎2023 was unexpected.

Error: (04/11/2023 04:43:19 PM) (Source: Microsoft-Windows-Hyper-V-Hypervisor) (EventID: 154) (User: NT AUTHORITY)
Description: Hypervisor failed to properly synchronize TSC across logical processors (Max delta: 24, Min delta: -1073).

Error: (04/11/2023 04:43:19 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT AUTHORITY)
Description: 3221225595A fatal error occurred processing the restoration data.

Error: (04/10/2023 01:11:41 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HKKIPON)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (04/10/2023 01:09:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Intel(R) Audio Service service terminated with the following service-specific error:
The operation completed successfully.


Windows Defender:
================
Date: 2023-04-10 00:08:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-09 00:04:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-08 00:25:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-04 23:46:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-04 00:18:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-04-11 16:50:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\fredp\AppData\Local\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Alienware 1.7.0 02/09/2023
Motherboard: Alienware 0FDTJY
Processor: AMD Ryzen 9 6900HX with Radeon Graphics
Percentage of memory in use: 13%
Total physical RAM: 64755.52 MB
Available physical RAM: 55785.63 MB
Total Virtual: 68851.52 MB
Available Virtual: 58123.58 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:932.68 GB) (Free:584.63 GB) (Model: PC801 NVMe SK hynix 1TB) (Protected) NTFS

\\?\Volume{3e2c92b7-2a74-49c0-8cf9-46d1e985e9b6}\ (WINRETOOLS) (Fixed) (Total:1 GB) (Free:0.22 GB) NTFS
\\?\Volume{271e9d6e-def1-4889-bc12-8c71dbdfcf60}\ (Image) (Fixed) (Total:18.36 GB) (Free:0.1 GB) NTFS
\\?\Volume{8e1a14ad-82e4-4bb9-be60-998d2efd1910}\ (DELLSUPPORT) (Fixed) (Total:1.41 GB) (Free:0.47 GB) NTFS
\\?\Volume{be4a5e4d-dde6-4989-bbd5-0c4adf0542c1}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 26FFCC7B)

Partition: GPT.

==================== End of Addition.txt =======================
 
#10 ·
OK.

I can assure you that the system is clean. As to your questions, let's see which I can answer for you:

1) For example Windows Recovery/Restore points cannot seem to be turned on. I've tried repeatedly, it keeps turning off.
It was not turned on. With the fix, we turned it on, and based on the latest logs, it is still on.

2) In Windows Defender, SmartAppControl was on originally, then somehow got turned off (absolutely not by me) and now I need to reinstall windows (again??) to turn it on. 3) Also in defender, Secure Boot kept getting turned off, I would turn it on and restart, it would be off again...rinse, repeat. 5) I get notifications that anti-virus scans will unexpectedly stop before completing.
Windows Defender is enabled and running. What you see in the logs is normal. Please take a screenshot of a setting or a warning you are getting, to show me what really concerns you. You can also perform a full scan using Windows Defender, to assure that everything is running fine.

4) I still would like to understand the replacement of my apps with 8kb or 16kb versions of them.
I didn't understand your question.

6) I will turn my wifi off and disable my adapter because I am trying to remove any access that may have inadvertently occurred, but then one of these two things will happen: either a) the wifi/adapter will stay apparently off or disabled, but 5 green bars will appear on the graphic of the adapter in device manager, and I would swear on anything, the wifi is being used by someone/something. I can just, feel it, hear it, sense it. Maybe by one of the hidden network devices that I still fail to understand, or some other way. Or, b) the wifi and adapter are somehow re-enabled and turned back on.
As I said, I don't see anything that makes me think that your system is compromised. Just to be sure, you can reset your router and change passwords (router/wifi).

7) I purchased office home/student with this laptop and downloaded it during setup on day one. However it keeps telling me to re-download and install, sometimes making me download Office 365 (which I did not purchase) It keeps re-installing/re-downloading different versions. Sigh.
I don't see Microsoft Office in the Installed Programs list in the logs.

============================

Just to check your services, including Security:
  • Please download Farbar Service Scanner and save it on your Desktop. IMPORTANT.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.
 
#12 ·
Due to lack of feedback, I can't provide instructions for removing the tools we used and resetting the restore points.

However, since the computer is now clean, I'll mark the topic as Solved.

Glad we could help.
 
#13 ·
I apologize, I went through an extremely busy few days at work and did not make this a priority; I really appreciate all your assistance, and I am gratified to hear that I may just be paranoid or not be understanding certain issues. Just to address the items in your previous post, never mind the 8/16kb sized apps question I asked - I am sure it's not an issue, I am probably not understanding something about it.

RE: the Office issue. I see that your post was 4/12/23 when you didn't see Office in my installed program list; I did install it on that date so maybe it was not installed when the log was created but is there a way for you to re-check? I have pasted a screenshot showing that it was installed 4/12/23 at the end of this message, which was accomplished when I downloaded "Office Home and Student" from my Microsoft account on that date. Since then I can use Word/PowerPoint/Excel but what has happened previously is that after a few days or some amount of time, that version of Office seems to uninstall, and "Office 365" automatically downloads and replaces it. In fact, when I search for "Office" in my start menu, I see Word, PowerPoint, and Excel as the top results, and below that I see "Microsoft 365 (Office)" listed. I specifically did not purchase that version of Office, instead I purchased home/student when I bought this computer on 1/27/23. Just for your info I included screenshots below of the start menu search results and the purchase history showing home/student in January 2023 from my Microsoft account's "subscriptions and services" section.

I guess my problem is with this automatic downloading/replacing of my apps with other versions of them. I think the Office 365 is a trial version, because I know it has an ongoing cost to it that the version I purchased did not have. If possible I would love to disable automatic downloads/replacements of my apps which I don't authorize, but I can't seem to prevent some setting on my new laptop from making these sorts of things happen. I guess this is a minor issue in the grand scheme of things but just something I would like to have control over if it's an easy fix or something you're familiar with.

RE: Changing Wifi/router passwords. I tried this a couple weeks back and none of my settings would save, the networks and passwords reverted each time I tried to change them. I was following the instructions that my internet provider makes available online, I was ensuring I had the proper credentials from my router for administrative changes to be made, etc., but nothing I did worked. If you can point me to a step-by-step guide, for dummies I guess, to change network names and passwords, or if you need to know my provider/my router make and model or any other info, I would greatly appreciate it.

Ok here's the Farbar scan log results posted below. Underneath that, I included the screenshot of my purchase of Office home/student from my Microsoft account, in case it's anything you can provide feedback about. I am really grateful and reassured by what you've said thus far, and really want to extend my thanks.

Farbar Service Scanner Version: 03-04-2023
Ran by fredp (administrator) on 17-04-2023 at 21:03:54
Running from "C:\Users\fredp\OneDrive\Desktop"
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
****

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Security Center:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


** End of log **

Screenshots: Office installed 4/12/23:
Image


Start Menu search shows Office 365:

Image


Microsoft Account shows purchase was for Home/Student 2021, not 365 or 365 family (offered as trial)
Image


Thank you again!
 
#14 ·
Hi. It is important for you to understand:

1. When we start a procedure to check the computer, clean it or deal with any issues, we ask the users NOT to install or download anything until we finish. You didn't do that and as you see the procedure becomes more complicated.

2. It is important to sign in and check for replies at least once a day. We can't keep a thread open for anyone to respond every now and then, since other users appear asking for assistance. It's difficult for me to help 10 users at a time: I need to finish with the first ones, so I can continue with the new ones. Most importantly, a system changes as the days pass. Logs may be much different today than a week later. So it is important that communication between the helper and the user takes place as regularly as possible.

Having said that:

Services are just fine.

Your initial logs here showed that you had Microsoft Office 365 installed. Your latest logs showed that no Microsoft Office is installed. Now you say that you installed Office, after you posted the logs.

What you can do is completely remove any instances of Office 365, and then install Office Home and Student 2021 from your Microsoft account page.

First, check your installation type and then completely uninstall Office 365 using either the uninstall tool or PowerShell. Details for these actions here: Uninstall Office from a PC - Microsoft Support

Then, go to your Microsoft account page and install Home and Student 2021 version of Office.

As to the following:

Changing Wifi/router passwords. I tried this a couple weeks back and none of my settings would save, the networks and passwords reverted each time I tried to change them. I was following the instructions that my internet provider makes available online, I was ensuring I had the proper credentials from my router for administrative changes to be made, etc., but nothing I did worked. If you can point me to a step-by-step guide, for dummies I guess, to change network names and passwords, or if you need to know my provider/my router make and model or any other info, I would greatly appreciate it.
I recommend that you ask this question at the Networking Forum, here at TSG. Since this area is not one of my strengths, I'm sure that someone else from the Trusted Advisors will guide you. However, do not open a new thread there until we finish here.

I am really grateful and reassured by what you've said thus far, and really want to extend my thanks.
You are very welcome. :)
 
#17 ·
Once again:

Due to lack of feedback, I can't provide instructions for removing the tools we used and resetting the restore points.

However, since the computer is now clean, I'll mark the topic as Solved.

Glad we could help.
 