Can't Get Mgtools To Work

Discussion in 'Malware Help (A Specialist Will Reply)' started by MacSW, May 3, 2023.

  1. MacSW

    MacSW Private E-2

    Hello;

    I'm trying to do the Malware removal guide. I got to the MG tools and I can't get them to work. I did all the suggestions listed to help get it working-- made sure UAC is off, turned off firewall & protection, etc.

    It stops early on, it says ' "C:\users\(my pc name)" ' is not recognized as an internal or external command, operable program or batch file.

    Can anyone help me get past this? Thank you. :eek:)
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    Can you tell me what, if any, issues you are having with your system?

    Please attempt to run this instead.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English, right-click on the FRST64 icon and rename it to FRST64english
    • Right-click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

    • What symptoms?
    • FRST.txt
    • Addition.txt
     
  3. MacSW

    MacSW Private E-2

    Hello and thanks so much for your help;

    The symptoms are that a few weeks ago my PC got super slow. I have a Dell Inspiron, I use Windows 10, and I'm only using 260 GB of memory (has 916 GB). It was pretty sudden and I hadn't downloaded anything big.

    After a while I started having some trouble opening some apps or they would crash-- mainly games (not pirated, purchased). I tried the following over the last couple of weeks:
    - Malwarebytes scan
    - Disk defrag
    - cleaned out cookies
    - CCleaner
    - Why So Slow
    - Tweaking.com windows repair

    Nothing has helped. When I did the other malware removal guide scans (Rootkit, Hitman Pro, etc.), there were things that did come up and I have those logs.

    I'm going to shut everything else down right now and get the Farbar tool and as soon as I'm done I will c&p the logs.

    Thanks again
     
  4. MacSW

    MacSW Private E-2

    PART 1 OF 2

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-05-2023
    Ran by MSBel (administrator) on DESKTOP-DDKD5M9 (Dell Inc. Inspiron 5567) (04-05-2023 15:36:52)
    Running from C:\Users\MSBel\OneDrive\Desktop\FRST64.exe
    Loaded Profiles: MSBel
    Platform: Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" --single-argument %1
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
    (C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
    (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    (PIRIFORM SOFTWARE LIMITED -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
    (services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
    (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_af02201d084badde\igfxCUIService.exe
    (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_af02201d084badde\IntelCpHDCPSvc.exe
    (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_af02201d084badde\IntelCpHeciSvc.exe
    (services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
    (services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
    (services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
    (services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    Failed to access process -> chrome.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-02-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-02-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [7824848 2016-07-20] (Compal electronic ,inc -> Dell Inc.)
    HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19638160 2016-12-28] (Entertainment Experience LLC -> Entertainment Experience)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1235160 2019-09-26] (Waves Inc -> Waves Audio Ltd.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (Canon Inc. -> CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (Canon Inc. -> CANON INC.)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40758072 2023-04-28] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\Run: [CCleanerBrowserAutoLaunch_6A85284827A1C4F4C5D83CE250FB62B3] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3370504 2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    HKLM\...\Windows x64\Print Processors\Canon MX490 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCK.DLL [30208 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX490 series: C:\WINDOWS\system32\CNCALCK.DLL [303104 2014-09-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\...\Print\Monitors\Canon BJ Language Monitor MX490 series: C:\WINDOWS\system32\CNMLMCK.DLL [406528 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [375296 2014-08-06] (CANON INC.) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\112.0.20907.140\Installer\chrmstp.exe [2023-05-03] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\112.0.5615.138\Installer\chrmstp.exe [2023-04-20] (Google LLC -> Google LLC)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1EEF9F24-5B20-4384-9738-69E9496782CD} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL)
    Task: {1F59AFD4-C0C0-4B8F-B043-C6D0B06FB8F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {28383959-3492-436A-BC20-7F7AC484B0CB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [689136 2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    Task: {42C8C0DA-57FA-4D84-AAB7-EBC4582C0C09} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-04-28] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {4CE5F3EE-171D-4F3B-B810-FDC10CD94A3C} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703544 2023-04-28] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "89122830-da1e-4b2d-b32f-f43ed7be687c" --version "6.12.10459" --silent
    Task: {511029DB-DCF5-4976-B58F-E6C01CF1A536} - System32\Tasks\CCleanerSkipUAC - MSBel => C:\Program Files\CCleaner\CCleaner.exe [34503992 2023-04-28] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {51F10D50-DF40-421A-B40E-36FAF78D956D} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2023-05-03] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    Task: {5DAC3AC5-F622-4D64-BE02-E6D6EB818AF2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513320 2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    Task: {6956DE7C-DC64-4164-8932-B8D8CAC3927C} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
    Task: {70A6E074-F0BC-4735-833E-C71F12DC2AA9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
    Task: {714C7945-B8B3-49A2-B919-6311E9DCAE8E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-msbeltran@aol.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {9533D296-E8A0-4B10-AB33-1610317A9EF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-15] (Google Inc -> Google Inc.)
    Task: {97578937-56E0-4A48-B4E2-804F3261F8DA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {9EB7EA73-1759-489D-A9AF-A52C85FAAA5C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B3DDCF1B-9F54-4F51-8FF6-116B4F5E0D95} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3370504 2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    Task: {B9AB3FAB-88D4-4BD5-B226-78DABB8BA97D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {BFAD2359-6DAD-4A20-BEE8-9F5BB431DAE8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513320 2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    Task: {CD4FA1C8-3515-4D55-A283-B4EBBC941973} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-msbeltran@aol.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {D138AA69-E45C-48B6-89D1-FE1393D4880F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-15] (Google Inc -> Google Inc.)
    Task: {D68E59DD-51A8-47C5-9434-4A2E74451872} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2023-05-03] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    Task: {DD5F4618-6709-4C34-9CF6-25243F089677} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3370504 2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    Task: {E55243E4-E9F0-497E-BB3D-35086EDFEDEA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123792 2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    Task: {FB4DDA34-0444-4B49-B28E-86675C94CA8E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123792 2023-05-03] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
    Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
    Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
    Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{635a7480-834c-4d30-b8b6-daddccbca5ff}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{b1f994d5-716c-4208-b9aa-4e6840ce6c3f}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

    Edge:
    =======
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge Profile: C:\Users\MSBel\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-03]
    Edge Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\MSBel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-03-14]
    Edge Extension: (McAfee® WebAdvisor) - C:\Users\MSBel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2023-05-03]
    Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\MSBel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2023-05-03]

    FireFox:
    ========
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2023-05-03] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2023-05-03] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)

    Chrome:
    =======
    CHR DefaultProfile: Profile 7
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Default [2023-05-04]
    CHR Notifications: Default -> hxxp://geoworkerz.lionbridge.com; hxxp://wardrobe.jellyneo.net; hxxp://www.crazygames.com; hxxp://www.neopets.com; hxxp://www.workworld.org; hxxps://messages.android.com
    CHR StartupUrls: Default -> "hxxps://drive.google.com/drive/#my-drive"
    CHR Extension: (Google Docs Offline) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-22]
    CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-04-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-04]
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-03]
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-05-03]
    CHR Extension: (Support Free Content) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccfdmcpnegkbklbnljalffkiipjmnbec [2017-12-15]
    CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-04-28]
    CHR Extension: (Toggle Fullscreen in Hangout) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eekfhcmpmchbhkdeplplcljcggddkffb [2022-08-18]
    CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-04-28]
    CHR Extension: (+ Flip It) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fbmppankahdodchhioklnbcmohehhjoa [2017-12-15]
    CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2017-12-15]
    CHR Extension: (Google Docs Offline) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-28]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-04-28]
    CHR Extension: (Pinterest Save Button) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2023-04-12]
    CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-04-28]
    CHR Extension: (Google Hangouts) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2021-08-26]
    CHR Extension: (Video Converter) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2017-12-15]
    CHR Extension: (Save to Pocket) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2022-11-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-04]
    CHR Extension: (The Tracktor - Price History Tracker) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onajjgekdldckfgodnmoallcmdmfcfom [2017-12-15]
    CHR Extension: (Amazon Assistant for Chrome) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2023-04-28]
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-05-03]
    CHR Extension: (Slides) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-07]
    CHR Extension: (Docs) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-07]
    CHR Extension: (Google Drive) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-07]
    CHR Extension: (YouTube) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-07]
    CHR Extension: (Adobe Acrobat) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-05-07]
    CHR Extension: (Sheets) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-07]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-12-12]
    CHR Extension: (Google Docs Offline) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-07]
    CHR Extension: (Gmail) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-07]
    CHR Extension: (Chrome Media Router) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-12]
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5 [2023-05-03]
    CHR Extension: (Slides) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-20]
    CHR Extension: (Docs) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-20]
    CHR Extension: (Google Drive) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-20]
    CHR Extension: (YouTube) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-20]
    CHR Extension: (Adobe Acrobat) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-03]
    CHR Extension: (Sheets) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-20]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-05-16]
    CHR Extension: (Google Docs Offline) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-20]
    CHR Extension: (Gmail) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-16]
    CHR Extension: (Chrome Media Router) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-16]
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 6 [2023-05-03]
    CHR Extension: (Ground News - Bias Checker) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\agleiimpggapjekcdhdjbmegjbbkleie [2023-01-13]
    CHR Extension: (Google Docs Offline) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-23]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-04-20]
    CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-04-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-04]
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 7 [2023-05-04]
    CHR Notifications: Profile 7 -> hxxps://www.accuweather.com; hxxps://www.youtube.com
    CHR Extension: (Google Docs Offline) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-27]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-05-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-20]
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 8 [2023-05-03]
    CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-04-16]
    CHR Extension: (Google Docs Offline) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-26]
    CHR Profile: C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-03]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
    S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
    S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
    S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2023-05-03] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\112.0.20907.140\elevation_service.exe [1805392 2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2023-05-03] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749288 2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11272296 2023-04-28] (Electronic Arts, Inc. -> Electronic Arts)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9098608 2023-05-02] (Malwarebytes Inc. -> Malwarebytes)
    S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2954424 2023-05-02] (Malwarebytes Inc. -> Malwarebytes)
    R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
    S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
    R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
    R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
    S3 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [93072 2016-12-12] (Entertainment Experience LLC -> )
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\NisSrv.exe [3216064 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2304.8-0\MsMpEng.exe [133544 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 Browser; %SystemRoot%\System32\browser.dll [X]
    S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\elevation_service.exe" [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-01-23] (AnchorFree Inc -> The OpenVPN Project)
    R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
    R3 debutfilter; C:\WINDOWS\system32\DRIVERS\debutfilterx64.sys [55144 2019-07-16] (NCH Software Pty Ltd -> )
    S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
    R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-05-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MpKsld3d41e1f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E41D53C-4435-48C9-B330-4357F90C69D8}\MpKslDrv.sys [212264 2023-05-04] (Microsoft Windows -> Microsoft Corporation)
    R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
    S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
    R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
    S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [36168 2019-06-11] (McAfee, Inc. -> The OpenVPN Project)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-05-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-05-03] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-03] (Microsoft Windows -> Microsoft Corporation)
     
  5. MacSW

    MacSW Private E-2

    PART 2 OF 2


    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-05-04 15:33 - 2023-05-04 15:39 - 000000000 ____D C:\FRST
    2023-05-04 00:51 - 2023-05-04 00:51 - 000002152 _____ C:\Users\Public\Desktop\EA.lnk
    2023-05-04 00:51 - 2023-05-04 00:51 - 000000000 ____D C:\Users\MSBel\AppData\Local\Electronic Arts
    2023-05-04 00:51 - 2023-05-04 00:51 - 000000000 ____D C:\Users\MSBel\AppData\Local\EADesktop
    2023-05-04 00:51 - 2023-05-04 00:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
    2023-05-04 00:50 - 2023-05-04 00:59 - 000000000 ____D C:\ProgramData\EA Desktop
    2023-05-04 00:47 - 2023-05-04 00:47 - 002355944 _____ (Electronic Arts) C:\Users\MSBel\Downloads\EAappInstaller (1).exe
    2023-05-03 22:02 - 2023-05-03 22:02 - 000002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
    2023-05-03 22:02 - 2023-05-03 22:02 - 000000000 ____D C:\Users\MSBel\AppData\Local\CCleaner Browser
    2023-05-03 22:02 - 2023-05-03 22:02 - 000000000 ____D C:\ProgramData\CCleaner Browser
    2023-05-03 22:01 - 2023-05-03 22:01 - 000003842 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
    2023-05-03 22:01 - 2023-05-03 22:01 - 000003258 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
    2023-05-03 21:59 - 2023-05-03 22:23 - 000003462 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineUA
    2023-05-03 21:59 - 2023-05-03 22:23 - 000003238 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineCore
    2023-05-03 21:59 - 2023-05-03 22:02 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
    2023-05-03 21:54 - 2023-05-03 23:18 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
    2023-05-03 21:54 - 2023-05-03 22:23 - 000003108 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
    2023-05-03 21:54 - 2023-05-03 22:23 - 000002314 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - MSBel
    2023-05-03 21:54 - 2023-05-03 21:54 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2023-05-03 21:54 - 2023-05-03 21:54 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2023-05-03 21:54 - 2023-05-03 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2023-05-03 21:53 - 2023-05-04 12:11 - 000000000 ____D C:\Program Files\CCleaner
    2023-05-03 21:31 - 2023-05-03 21:32 - 056548952 _____ (Piriform Software Ltd) C:\Users\MSBel\Downloads\ccsetup612.exe
    2023-05-03 19:20 - 2023-05-03 19:20 - 002355944 _____ (Electronic Arts) C:\Users\MSBel\Downloads\EAappInstaller.exe
    2023-05-03 17:44 - 2023-05-03 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhySoSlow
    2023-05-03 17:44 - 2016-12-17 20:59 - 000028928 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspWhy64.sys
    2023-05-03 17:43 - 2023-05-03 17:44 - 000000000 ____D C:\Program Files\WhySoSlow
    2023-05-03 16:59 - 2023-05-03 16:59 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2023-05-03 01:22 - 2023-05-03 01:22 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_696
    2023-05-03 00:04 - 2023-05-03 00:04 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-DDKD5M9-Windows-10-Home-(64-bit).dat
    2023-05-03 00:04 - 2023-05-03 00:04 - 000000000 ____D C:\RegBackup
    2023-05-02 23:53 - 2023-05-03 22:23 - 000003068 _____ C:\WINDOWS\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2023-05-02 23:52 - 2023-05-02 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2023-05-02 23:51 - 2023-05-02 23:51 - 056651952 _____ (Tweaking.com) C:\Users\MSBel\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2023-05-02 23:51 - 2023-05-02 23:51 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2023-05-02 22:56 - 2023-05-02 22:56 - 000000000 ____D C:\Users\MSBel\AppData\Local\OneDrive
    2023-05-02 22:07 - 2023-05-02 22:07 - 001993530 _____ C:\Users\MSBel\Downloads\MGtools (1).exe
    2023-05-02 21:56 - 2023-05-02 21:56 - 001993530 _____ C:\Users\MSBel\Downloads\MGtools.exe
    2023-05-02 19:37 - 2023-05-02 21:00 - 000000000 ____D C:\ProgramData\RogueKiller
    2023-05-02 18:19 - 2023-05-02 18:19 - 000000000 ____D C:\Users\MSBel\AppData\Local\ToastNotificationManagerCompat
    2023-05-02 18:14 - 2023-05-03 17:32 - 000496232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2023-05-02 18:07 - 2023-05-02 18:07 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2023-05-02 18:07 - 2023-05-02 18:07 - 000002095 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2023-05-02 18:04 - 2023-05-02 18:04 - 000000000 ____D C:\ProgramData\Malwarebytes
    2023-05-02 18:04 - 2023-05-02 18:04 - 000000000 ____D C:\Program Files\Malwarebytes
    2023-05-02 17:58 - 2023-05-02 18:02 - 575181744 _____ (Malwarebytes) C:\Users\MSBel\Downloads\mb.exe
    2023-05-02 17:30 - 2023-05-02 17:30 - 014248944 _____ (SurfRight B.V.) C:\Users\MSBel\Downloads\HitmanPro_x64.exe
    2023-05-02 17:29 - 2023-05-02 17:30 - 320870728 _____ (Malwarebytes) C:\Users\MSBel\Downloads\mb4-setup-consumer-4.5.27.262-1.0.1991-1.0.68291.exe
    2023-05-02 17:29 - 2023-05-02 17:30 - 035131824 _____ C:\Users\MSBel\Downloads\RogueKiller_portable64.exe
    2023-05-02 17:22 - 2023-05-02 17:22 - 000001998 _____ C:\Users\MSBel\Downloads\AdwCleaner[C02].txt
    2023-05-02 13:34 - 2023-05-02 17:11 - 008791352 _____ (Malwarebytes) C:\Users\MSBel\Downloads\AdwCleaner.exe
    2023-04-28 21:36 - 2023-04-28 21:36 - 000002432 _____ C:\Users\MSBel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2023-04-23 18:36 - 2023-04-23 18:36 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
    2023-04-13 20:55 - 2023-04-13 20:55 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
    2023-04-13 20:55 - 2023-04-13 20:55 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
    2023-04-13 20:53 - 2023-05-03 22:22 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
    2023-04-12 00:26 - 2023-04-12 00:26 - 006844672 _____ (WiseCleaner.com ) C:\Users\MSBel\Downloads\WDCFree_10.9.8.814.exe
    2023-04-11 18:06 - 2023-04-11 18:06 - 000000000 ___HD C:\$WinREAgent

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-05-04 15:48 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2023-05-04 14:45 - 2017-12-31 20:53 - 000000000 ____D C:\Users\MSBel\AppData\Local\CrashDumps
    2023-05-04 01:18 - 2018-05-21 19:31 - 000000000 ____D C:\Users\MSBel\AppData\Local\D3DSCache
    2023-05-04 01:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2023-05-04 00:49 - 2022-11-11 04:35 - 000000000 ____D C:\Program Files\Electronic Arts
    2023-05-04 00:48 - 2017-10-17 13:10 - 000000000 ____D C:\ProgramData\Package Cache
    2023-05-04 00:33 - 2020-09-19 11:19 - 000776042 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2023-05-04 00:33 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
    2023-05-04 00:28 - 2020-09-19 11:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2023-05-04 00:28 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2023-05-04 00:28 - 2017-10-17 13:11 - 000000000 ____D C:\Intel
    2023-05-04 00:27 - 2021-12-07 02:59 - 000008192 ___SH C:\DumpStack.log.tmp
    2023-05-04 00:26 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2023-05-03 23:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
    2023-05-03 23:40 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2023-05-03 22:23 - 2021-12-14 00:43 - 000003126 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3669693024-4291697268-3814277477-1001
    2023-05-03 22:23 - 2020-10-28 21:00 - 000002922 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3669693024-4291697268-3814277477-1001
    2023-05-03 22:23 - 2020-09-19 11:41 - 000003524 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2023-05-03 22:23 - 2020-09-19 11:41 - 000003416 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2023-05-03 22:23 - 2020-09-19 11:41 - 000003300 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2023-05-03 22:23 - 2020-09-19 11:41 - 000003192 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2023-05-03 22:23 - 2020-09-19 11:41 - 000002318 _____ C:\WINDOWS\system32\Tasks\SmartByte Telemetry
    2023-05-03 22:22 - 2020-09-19 11:41 - 000002906 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-msbeltran@aol.com
    2023-05-03 22:22 - 2020-09-19 11:41 - 000002860 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-msbeltran@aol.com
    2023-05-03 22:15 - 2018-01-20 00:17 - 000000000 ____D C:\Users\MSBel\AppData\Local\Packages
    2023-05-03 22:04 - 2017-12-15 10:29 - 000000000 ____D C:\Program Files (x86)\Google
    2023-05-03 21:50 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2023-05-03 21:17 - 2017-12-31 16:16 - 000000000 ____D C:\MGtools
    2023-05-03 21:17 - 2017-12-15 10:18 - 000000000 ____D C:\Users\MSBel\AppData\Local\VirtualStore
    2023-05-03 19:47 - 2017-12-23 17:26 - 000000000 ____D C:\Users\MSBel\AppData\Local\ElevatedDiagnostics
    2023-05-03 17:59 - 2017-10-17 13:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2023-05-03 17:17 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2023-05-03 17:15 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2023-05-03 16:47 - 2017-10-17 13:12 - 000776046 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2023-05-03 02:12 - 2018-05-21 02:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2023-05-03 02:02 - 2017-12-22 11:47 - 000000000 ____D C:\Users\MSBel\AppData\Local\Adobe
    2023-05-03 01:59 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2023-05-03 01:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Help
    2023-05-02 21:51 - 2020-07-05 20:46 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2023-05-02 19:32 - 2020-09-19 10:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2023-05-02 19:27 - 2022-07-27 22:29 - 000000000 ____D C:\Users\MSBel\AppData\LocalLow\IGDump
    2023-05-02 18:07 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2023-05-02 13:30 - 2021-07-29 23:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\WiseCleaner
    2023-05-02 13:30 - 2021-07-29 23:20 - 000000000 ____D C:\Program Files (x86)\Wise
    2023-05-02 13:28 - 2022-08-26 06:22 - 000000000 ____D C:\Program Files (x86)\BlueStacks X
    2023-05-01 19:21 - 2017-12-15 11:01 - 000000000 ____D C:\Users\MSBel\AppData\Roaming\Microsoft\Office
    2023-05-01 18:09 - 2020-09-19 11:03 - 000000000 ____D C:\Users\MSBel
    2023-04-27 17:04 - 2017-12-15 11:01 - 000000000 ____D C:\Users\MSBel\AppData\Roaming\Microsoft\Word
    2023-04-20 22:05 - 2017-12-15 10:29 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2023-04-20 22:05 - 2017-12-15 10:29 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2023-04-12 00:31 - 2020-09-08 08:21 - 000000000 ___DC C:\WINDOWS\Panther
    2023-04-12 00:21 - 2021-02-12 09:11 - 000000000 ____D C:\Users\MSBel\AppData\Local\Notepad
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2023-04-12 00:12 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2023-04-11 19:00 - 2020-09-19 10:58 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2023-04-11 18:03 - 2017-12-16 10:19 - 000000000 ____D C:\WINDOWS\system32\MRT
    2023-04-11 17:56 - 2017-12-16 10:19 - 156112424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    ==================== Files in the root of some directories ========

    2021-07-29 22:24 - 2020-02-27 07:51 - 000451456 _____ (COMODO) C:\ProgramData\cmdres.dll
    2018-01-01 12:09 - 2018-01-20 00:46 - 000000293 _____ () C:\ProgramData\fontcacheev1.dat
    2018-09-26 18:39 - 2018-09-26 18:39 - 000000000 _____ () C:\Users\MSBel\AppData\Local\oobelibMkey.log
    2020-03-09 17:16 - 2020-03-09 17:16 - 000001220 _____ () C:\Users\MSBel\AppData\Local\Origin - Shortcut.lnk

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  6. MacSW

    MacSW Private E-2

    PART 1 OF 2

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2023
    Ran by MSBel (04-05-2023 15:55:02)
    Running from C:\Users\MSBel\OneDrive\Desktop
    Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) (2020-09-19 16:44:21)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-3669693024-4291697268-3814277477-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3669693024-4291697268-3814277477-503 - Limited - Disabled)
    Guest (S-1-5-21-3669693024-4291697268-3814277477-501 - Limited - Disabled)
    MSBel (S-1-5-21-3669693024-4291697268-3814277477-1001 - Administrator - Enabled) => C:\Users\MSBel
    WDAGUtilityAccount (S-1-5-21-3669693024-4291697268-3814277477-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.001.20143 - Adobe)
    Adobe Photoshop Elements 2018 (HKLM-x32\...\{0C53F2C0-BB20-474F-8117-212DCCCDC090}) (Version: 16.0 - Adobe Systems Incorporated)
    Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.1.0 - Canon Inc.)
    Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
    Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
    Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version: - ‭Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 6.12 - Piriform)
    CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 112.0.20907.140 - Piriform Software)
    CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.49 - NCH Software)
    EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.174.0.5431 - Electronic Arts) Hidden
    EA app (HKLM-x32\...\{c1b84d01-f269-446f-b05c-add2615d139c}) (Version: 12.174.0.5431 - Electronic Arts)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 112.0.5615.138 - Google LLC)
    Intel(R) Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{7B3B60EB-197B-4B06-ADFF-D0B50E755D4F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{EC465D35-92DC-4DAE-9EA8-01215688F709}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Intel(R) Management Engine Driver (HKLM\...\{E5B5A486-C7F5-429C-9324-13835620F2FD}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{FBC819D6-78B6-49AB-931E-3D127D43BE64}) (Version: 30.100.1725.1 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.47.866.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{a914536c-bd41-479c-96aa-dee4a9639c22}) (Version: 21.10.1 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{07AC08CE-C63D-4FAE-B215-F53E13EA005F}) (Version: 21.10.1.3139 - Intel Corporation) Hidden
    Malwarebytes version 5.0.7.55 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.7.55 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.12253.1 - Waves Audio Ltd.) Hidden
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16327.20214 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.68 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.68 - Microsoft Corporation)
    Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft OneDrive (HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\OneDriveSetup.exe) (Version: 23.076.0409.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
    Microsoft VC++ redistributables repacked. (HKLM\...\{D3531D7A-B6FA-44A5-A024-E2A14F325F90}) (Version: 12.0.0.0 - Intel Corporation) Hidden
    Microsoft VC++ redistributables repacked. (HKLM-x32\...\{985F7F32-5BE4-4CDA-9582-F7AEA40D1974}) (Version: 12.0.0.0 - Intel Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
    Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20200 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
    Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.019 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8895.1 - Realtek Semiconductor Corp.)
    Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11242 - Realtek Semiconductor Corp.)
    SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 High-End Loft Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
    The Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.97.62.1020 - Electronic Arts Inc.)
    The Sims™ 4 Paranormal Stuff Pack (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}_The Sims 4 Paranormal Stuff Pack) (Version: 39.0.128.1020 - Electronic Arts Inc.)
    The Sims™ 4 Snowy Escape (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}_The Sims 4 Snowy Escape) (Version: 38.0.175.1020 - Electronic Arts Inc.)
    True Color (HKLM\...\{843D1B75-7A4E-4C8C-8348-BDF6C6EC3333}) (Version: 1.0.1.1 - Entertainment Experience LLC) Hidden
    True Color (HKLM-x32\...\{c38d939e-31d4-44fa-a07a-d28915046b7d}) (Version: 7.9.0.0 - Entertainment Experience)
    True Color XML Tables (HKLM\...\{EAE8B515-AC0E-46A8-AA41-CAD18E4094CD}) (Version: 7.10.0.0 - Entertainment Experience LLC) Hidden
    TrueColorXMLTables (HKLM-x32\...\{bf377b78-c440-4ce9-a962-2fde04e6d4cd}) (Version: 7.10.0.0 - Entertainment Experience)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.13.1 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.04 - NCH Software)
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-4) (Version: 1.0.54.1 - Intel Corporation Inc.)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
    WhySoSlow 1.51 (HKLM\...\WhySoSlowHome_is1) (Version: - Resplendence Software Projects Sp.)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

    Packages:
    =========
    Dell Help & Support -> C:\Program Files\WindowsApps\DellInc.DellHelpSupport_3.2.1.0_x64__htrsf667h5kn2 [2023-05-03] (Dell Inc)
    Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2023-05-03] (Dell Inc)
    McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-05-03] (McAfee LLC.)
    Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2023-05-03] (CYBERLINK CORPORATION.)
    Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1850.5.228.0_x64__8xx8rvfyw5nnt [2023-05-03] (Meta) [Startup Task]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-05-03] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-05-03] (Microsoft Corporation) [MS Ad]
    Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2303.28002.0_x64__8wekyb3d8bbwe [2023-05-03] (Microsoft Corporation) [Startup Task]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2023-05-04] (Netflix, Inc.)
    Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2023-05-03] (CYBERLINK CORPORATION.)
    Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2023-05-03] (CYBERLINK CORPORATION.) [Startup Task]
    PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2023-05-03] (CYBERLINK CORPORATION.)
    SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1001.0_x64__rh07ty8m5nkag [2023-05-03] (Rivet Networks LLC)
    Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-05-04] (Microsoft Studios) [MS Ad]
    Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2023-05-03] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3669693024-4291697268-3814277477-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
    CustomCLSID: HKU\S-1-5-21-3669693024-4291697268-3814277477-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-02] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-02] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2023-03-14] (Electronic Arts -> On2.com)
    HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2023-03-14] (Electronic Arts -> On2.com)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\MSBel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=knipolnnllmklapflnccelgolnpehhpl
    ShortcutWithArgument: C:\Users\MSBel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d755e1040e5d38ac\Mia - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 8"
    ShortcutWithArgument: C:\Users\MSBel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Mackenzie - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
    ShortcutWithArgument: C:\Users\MSBel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b42be1c9c51179ef\Positively - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 7"
    ShortcutWithArgument: C:\Users\MSBel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\PositivelySimful - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"

    ==================== Loaded Modules (Whitelisted) =============

    2018-03-15 16:07 - 2014-08-06 08:25 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
    2023-04-28 15:23 - 2023-04-28 15:23 - 002849280 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
    2023-04-28 15:23 - 2023-04-28 15:23 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
    2023-04-28 15:23 - 2023-04-28 15:23 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
    2023-04-28 15:23 - 2023-04-28 15:23 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
    2023-04-28 15:23 - 2023-04-28 15:23 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
    2023-04-28 15:23 - 2023-04-28 15:23 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\MSBel\Downloads\AdwCleaner.exe:MBAM.Zone.Identifier [229]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    DownloadDir: C:\Users\MSBel\OneDrive\Documents\Electronic Arts\The Sims 4\Mods
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-3669693024-4291697268-3814277477-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=81_33050001005_88.0.4324.190_u_ds_sp&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3669693024-4291697268-3814277477-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search_path.yahoo.com/search_path?p={searchTerms}&fr=chr-comodo&type=33050001005_12.2.2.7036_i_ds
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2023-05-03 16:58 - 2023-05-03 16:58 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost
     
  7. MacSW

    MacSW Private E-2

    PART 2 OF 2


    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MSBel\OneDrive\Documents\Electronic Arts\The Sims 4\Screenshots\06-24-19_4-16-22 AM-2.png
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "QuickSet"
    HKLM\...\StartupApproved\Run: => "TrueColor UI"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
    HKLM\...\StartupApproved\Run: => "WavesSvc"
    HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
    HKLM\...\StartupApproved\Run: => "WinZip UN"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
    HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
    HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
    HKLM\...\StartupApproved\Run32: => "SecurityHealth"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "GoToMeeting"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "Speech Recognition"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "Arcadetown Notifier"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "GoToMeeting v9"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "EADM"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_28CA645DD79781DB8B79166A2561F2B9"
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_6A85284827A1C4F4C5D83CE250FB62B3"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{DC91F52C-AB9A-415D-B7E4-A42CBFFAC5B3}C:\program files (x86)\comodo\dragon\dragon.exe] => (Block) C:\program files (x86)\comodo\dragon\dragon.exe => No File
    FirewallRules: [TCP Query User{E6021D11-DADD-4214-95F1-BD15F70E88AA}C:\program files (x86)\comodo\dragon\dragon.exe] => (Block) C:\program files (x86)\comodo\dragon\dragon.exe => No File
    FirewallRules: [{86A4CB82-4A59-460A-94C2-EE0239389331}] => (Allow) C:\Users\MSBel\AppData\Roaming\Zoom\bin\Zoom.exe => No File
    FirewallRules: [{B12F847A-CFC0-4B4F-B0D4-34A772C069DD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [UDP Query User{9426686F-E087-4FE2-859E-F819DAE579D9}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{A0AF0DEC-A2D2-485E-B819-67897AC35FCE}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{B6452F12-258B-4504-A9C5-336FF387BC48}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => No File
    FirewallRules: [UDP Query User{FBCC5013-4A3E-4A26-B31D-8DDBEDF27915}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => No File
    FirewallRules: [{DC318A15-BE47-4A43-8541-DE89A661FAE0}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe (PopCap Games -> )
    FirewallRules: [{7AF51C59-5341-4A7A-8D54-4812A76F1C24}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe (PopCap Games -> )
    FirewallRules: [{6F91BDB9-07B2-481B-A6BD-FC6E74E32DE1}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
    FirewallRules: [{426BF239-7B84-42AE-BE8E-092F910A4260}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
    FirewallRules: [{0D0D9A60-66AF-4030-8838-EA9079019C7B}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
    FirewallRules: [{8C053833-F1B5-4939-A3AC-441F341BBEDD}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
    FirewallRules: [{329188F5-FDE5-4673-9088-DFF6F82C33EC}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
    FirewallRules: [{BF842609-DCA8-4963-99F5-15168A4E5255}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
    FirewallRules: [{08590D49-DF5E-4FB2-B793-360B0CDC0214}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
    FirewallRules: [{FE994E3D-A386-48CF-AD02-6E45B2187F23}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
    FirewallRules: [{40B9192D-E42D-447C-AE08-0FC493B4E5D2}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
    FirewallRules: [{E3FB1530-7151-4CD1-892D-24E048D10FCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{CAD90CCB-10DB-48C5-AC7E-AE123C0E97EB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
    FirewallRules: [{289D93D4-5D54-46FE-8024-97EBE2A02904}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
    FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{4D78C034-FE04-48C7-8CE6-0980C086ECCD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe => No File
    FirewallRules: [{E5EF97B9-5AFA-4562-B1A2-D92BE9228AB3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{651B37FB-1AE5-468A-BEEB-A5237EDE149D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{F3BE0F39-5CB8-4852-AF7A-F9015DA61DD1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{34584720-844E-4551-8560-F02A524CF394}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{66A09B6B-FFD4-4043-BCB1-AD72768A0C5C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{5D917CFA-148A-4B35-AB60-5E42CCEDB34D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{A2DDE988-C382-4F1D-B9C0-9BED735EE843}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{37D13B92-EB36-4759-9B68-E2928898E3CE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{39731F0B-E6B5-45EE-8159-D1FE3854C6D4}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{D5AE85D9-474F-49FB-8D00-7150506EB79C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{31F640AB-2D3E-4EF9-BE35-52EFAE75DC3C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{46808D05-E2EF-4666-BB68-83D047419DBE}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
    FirewallRules: [{97E05389-A152-4177-89B7-5A716BA3A699}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3204.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
    FirewallRules: [{BB4CCE89-1520-4CE8-AC00-843004EDF596}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3204.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
    FirewallRules: [{666477E2-5FCE-49E4-941D-124AA5516F69}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3204.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
    FirewallRules: [{BA012AAF-7BB3-49F0-87AB-8EA1BC16D64F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3204.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
    FirewallRules: [{6658325B-3951-40C2-8A27-173C7CAB0683}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
    FirewallRules: [{78FD6048-67F1-45C8-A3BF-67DF4D14F204}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
    FirewallRules: [{4B0258AB-609B-40A5-A5AD-67D6EB89705D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    02-05-2023 14:46:23 Scheduled Checkpoint
    03-05-2023 21:45:19 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (05/04/2023 03:34:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 2.5.2023.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1078

    Start Time: 01d97ec783acae0d

    Termination Time: 4294967295

    Application Path: C:\Users\MSBel\Downloads\FRST64.exe

    Report Id: ef9776f5-c3a7-4862-8224-f1278eaf63f2

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Top level window is idle

    Error: (05/04/2023 02:45:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sdxhelper.exe, version: 16.0.16327.20214, time stamp: 0x6444cdcc
    Faulting module name: sdxhelper.exe, version: 16.0.16327.20214, time stamp: 0x6444cdcc
    Exception code: 0xc0000409
    Fault offset: 0x00008def
    Faulting process id: 0x4a0
    Faulting application start time: 0x01d97ec0f3ef2f20
    Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe
    Faulting module path: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe
    Report Id: 64d1d728-589c-4695-bfdc-1fc2654b2553
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (05/04/2023 12:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: OLicenseHeartbeat.exe, version: 16.0.16327.20214, time stamp: 0x6444cd50
    Faulting module name: KERNELBASE.dll, version: 10.0.19041.2846, time stamp: 0xb9bbdd8b
    Exception code: 0xc06d007e
    Fault offset: 0x00138fc2
    Faulting process id: 0x1e8
    Faulting application start time: 0x01d97eaacd9ff4c3
    Faulting application path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 9e12e13f-dfbd-4f43-b18b-dbdebafae2eb
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (05/04/2023 12:44:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sdxhelper.exe, version: 16.0.16327.20214, time stamp: 0x6444cdcc
    Faulting module name: sdxhelper.exe, version: 16.0.16327.20214, time stamp: 0x6444cdcc
    Exception code: 0xc0000409
    Fault offset: 0x00008def
    Faulting process id: 0xc6c
    Faulting application start time: 0x01d97e4b623a1034
    Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe
    Faulting module path: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe
    Report Id: 63b22a55-205b-434d-b855-75f197d0a914
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (05/03/2023 11:34:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sdxhelper.exe, version: 16.0.16327.20214, time stamp: 0x6444cdcc
    Faulting module name: sdxhelper.exe, version: 16.0.16327.20214, time stamp: 0x6444cdcc
    Exception code: 0xc0000409
    Fault offset: 0x00008def
    Faulting process id: 0x27bc
    Faulting application start time: 0x01d97e419943d885
    Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe
    Faulting module path: C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe
    Report Id: c5d228b1-c6af-40a5-9da3-8f542fbb36a2
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (05/03/2023 09:55:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program explorer.exe version 10.0.19041.2846 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1aac

    Start Time: 01d97e30f212d969

    Termination Time: 1167

    Application Path: C:\Windows\explorer.exe

    Report Id: 969b0530-637e-4b34-b113-893d36c39a2c

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown

    Error: (05/03/2023 07:24:29 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (05/03/2023 07:16:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet


    System errors:
    =============
    Error: (05/04/2023 03:50:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/04/2023 03:50:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (05/04/2023 03:50:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/04/2023 03:50:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (05/04/2023 03:50:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/04/2023 03:50:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (05/04/2023 03:50:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/04/2023 03:50:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.


    Windows Defender:
    ================
    Date: 2023-05-03 23:36:54
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-05-03 21:53:36
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Event[0]:

    Date: 2023-05-03 15:39:05
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    CodeIntegrity:
    ===============
    Date: 2023-05-04 15:37:02
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_af02201d084badde\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2023-05-03 21:44:41
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    BIOS: Dell Inc. 1.2.8 05/22/2019
    Motherboard: Dell Inc. 04M49V
    Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    Percentage of memory in use: 30%
    Total physical RAM: 12186.72 MB
    Available physical RAM: 8499.17 MB
    Total Virtual: 15642.72 MB
    Available Virtual: 12332.79 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:916.52 GB) (Free:650.82 GB) (Model: TOSHIBA MQ01ABD100) NTFS
    Drive e: (OS) (RAMDisk) (Total:916.52 GB) (Free:651.22 GB) (Model: TOSHIBA MQ01ABD100) NTFS

    \\?\Volume{43d5e610-0a74-49ba-b3c4-f1c3728237f1}\ (WINRETOOLS) (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS
    \\?\Volume{0eb325ab-da23-467b-890a-4bef94e97af1}\ (Image) (Fixed) (Total:12.86 GB) (Free:0.12 GB) NTFS
    \\?\Volume{329541be-48b1-401d-a144-ba4ce13ecf3a}\ () (Fixed) (Total:1.07 GB) (Free:0.5 GB) NTFS
    \\?\Volume{b753b19c-fe18-4dd5-af3d-f9e24cc68d20}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1242126D)

    Partition: GPT.

    ==================== End of Addition.txt =======================
     
  8. Oh My!

    Oh My! Malware Expert Staff Member

    It is my pleasure to work together with you.

    The good news is there is no evidence of malicious software on your system. Let's see if we can get to the non-malware cause for the symptoms.

    Let's start with this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccfdmcpnegkbklbnljalffkiipjmnbec
    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho
    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho
    SearchScopes: HKLM -> DefaultScope value is missing
    HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 
    S3Browser;%SystemRoot%\System32\browser.dll[X]
    S3MicrosoftEdgeElevationService;"C:\ProgramFiles(x86)\Microsoft\Edge\Application\112.0.1722.68\elevation_service.exe"[X]
    Winsock:Catalog917%windir%\system32\vsocklib.dll=>NoFile
    Winsock:Catalog918%windir%\system32\vsocklib.dll=>NoFile
    Winsock:Catalog9-x6417%windir%\system32\vsocklib.dll=>NoFile
    Winsock:Catalog9-x6418%windir%\system32\vsocklib.dll=>NoFile
    ShellIconOverlayIdentifiers:[00asw]->{472083B0-C522-11CF-8763-00608CC02F24}=>->NoFile
    ShellIconOverlayIdentifiers:[00avg]->{472083B0-C522-11CF-8763-00608CC02F24}=>->NoFile
    ContextMenuHandlers4:[OfflineFiles]->{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}=>->NoFile
    ContextMenuHandlers5:[igfxcui]->{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}=>->NoFile
    ContextMenuHandlers5:[igfxDTCM]->{9B5F5829-A529-4B12-814A-E81BCB8D93FC}=>->NoFile
    ContextMenuHandlers6:[BriefcaseMenu]->{85BBD920-42A0-1069-A2E4-08002B30309D}=>->NoFile
    ContextMenuHandlers6:[OfflineFiles]->{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}=>->NoFile
    Handler:sacore-{5513F07E-936B-4E52-9B00-067394E91CC5}-NoFile
    FirewallRules:[UDPQueryUser{DC91F52C-AB9A-415D-B7E4-A42CBFFAC5B3}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Block)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile
    FirewallRules:[TCPQueryUser{E6021D11-DADD-4214-95F1-BD15F70E88AA}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Block)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile
    FirewallRules:[{86A4CB82-4A59-460A-94C2-EE0239389331}]=>(Allow)C:\Users\MSBel\AppData\Roaming\Zoom\bin\Zoom.exe=>NoFile
    FirewallRules:[TCPQueryUser{B6452F12-258B-4504-A9C5-336FF387BC48}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Allow)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile
    FirewallRules:[UDPQueryUser{FBCC5013-4A3E-4A26-B31D-8DDBEDF27915}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Allow)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile
    FirewallRules:[{6F91BDB9-07B2-481B-A6BD-FC6E74E32DE1}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\BlueStacksWeb.exe=>NoFile
    FirewallRules:[{426BF239-7B84-42AE-BE8E-092F910A4260}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\CloudGame.exe=>NoFile
    FirewallRules:[{0D0D9A60-66AF-4030-8838-EA9079019C7B}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\BlueStacksWeb.exe=>NoFile
    FirewallRules:[{8C053833-F1B5-4939-A3AC-441F341BBEDD}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\CloudGame.exe=>NoFile
    FirewallRules:[{329188F5-FDE5-4673-9088-DFF6F82C33EC}]=>(Allow)C:\ProgramFiles\BlueStacks_nxt\HD-Player.exe=>NoFile
    FirewallRules:[{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile
    FirewallRules:[{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile
    FirewallRules:[{01DF0815-250E-4BEF-A399-C43432F6D46B}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile
    FirewallRules:[{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile
    FirewallRules:[{4D78C034-FE04-48C7-8CE6-0980C086ECCD}]=>(Allow)C:\ProgramFiles(x86)\MicrosoftOffice\root\Office16\outlook.exe=>NoFile
    EdgeExtension:(NoName)->AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill[notfound]
    EdgeExtension:(NoName)->BookReader_B171F20233094AC88D05A8EF7B9763E8=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer[notfound]
    EdgeExtension:(NoName)->LearningTools_7706F933-971C-41D1-9899-8A026EB5D824=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools[notfound]
    EdgeExtension:(NoName)->PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI[notfound]
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    • Copy/paste the following in the Search: box
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlog
     
  9. MacSW

    MacSW Private E-2

    Thanks Gary! The fix stopped after an hour. It was running slow. Here's what I did get from it:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-05-2023
    Ran by MSBel (04-05-2023 20:51:24) Run:1
    Running from C:\Users\MSBel\OneDrive\Desktop
    Loaded Profiles: MSBel
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccfdmcpnegkbklbnljalffkiipjmnbec
    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho
    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho
    SearchScopes: HKLM -> DefaultScope value is missing
    HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    S3Browser;%SystemRoot%\System32\browser.dll[X]
    S3MicrosoftEdgeElevationService;"C:\ProgramFiles(x86)\Microsoft\Edge\Application\112.0.1722.68\elevation_service.exe"[X]
    Winsock:Catalog917%windir%\system32\vsocklib.dll=>NoFile
    Winsock:Catalog918%windir%\system32\vsocklib.dll=>NoFile
    Winsock:Catalog9-x6417%windir%\system32\vsocklib.dll=>NoFile
    Winsock:Catalog9-x6418%windir%\system32\vsocklib.dll=>NoFile
    ShellIconOverlayIdentifiers:[00asw]->{472083B0-C522-11CF-8763-00608CC02F24}=>->NoFile
    ShellIconOverlayIdentifiers:[00avg]->{472083B0-C522-11CF-8763-00608CC02F24}=>->NoFile
    ContextMenuHandlers4:[OfflineFiles]->{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}=>->NoFile
    ContextMenuHandlers5:[igfxcui]->{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}=>->NoFile
    ContextMenuHandlers5:[igfxDTCM]->{9B5F5829-A529-4B12-814A-E81BCB8D93FC}=>->NoFile
    ContextMenuHandlers6:[BriefcaseMenu]->{85BBD920-42A0-1069-A2E4-08002B30309D}=>->NoFile
    ContextMenuHandlers6:[OfflineFiles]->{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}=>->NoFile
    Handler:sacore-{5513F07E-936B-4E52-9B00-067394E91CC5}-NoFile
    FirewallRules:[UDPQueryUser{DC91F52C-AB9A-415D-B7E4-A42CBFFAC5B3}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Block)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile
    FirewallRules:[TCPQueryUser{E6021D11-DADD-4214-95F1-BD15F70E88AA}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Block)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile
    FirewallRules:[{86A4CB82-4A59-460A-94C2-EE0239389331}]=>(Allow)C:\Users\MSBel\AppData\Roaming\Zoom\bin\Zoom.exe=>NoFile
    FirewallRules:[TCPQueryUser{B6452F12-258B-4504-A9C5-336FF387BC48}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Allow)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile
    FirewallRules:[UDPQueryUser{FBCC5013-4A3E-4A26-B31D-8DDBEDF27915}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Allow)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile
    FirewallRules:[{6F91BDB9-07B2-481B-A6BD-FC6E74E32DE1}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\BlueStacksWeb.exe=>NoFile
    FirewallRules:[{426BF239-7B84-42AE-BE8E-092F910A4260}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\CloudGame.exe=>NoFile
    FirewallRules:[{0D0D9A60-66AF-4030-8838-EA9079019C7B}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\BlueStacksWeb.exe=>NoFile
    FirewallRules:[{8C053833-F1B5-4939-A3AC-441F341BBEDD}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\CloudGame.exe=>NoFile
    FirewallRules:[{329188F5-FDE5-4673-9088-DFF6F82C33EC}]=>(Allow)C:\ProgramFiles\BlueStacks_nxt\HD-Player.exe=>NoFile
    FirewallRules:[{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile
    FirewallRules:[{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile
    FirewallRules:[{01DF0815-250E-4BEF-A399-C43432F6D46B}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile
    FirewallRules:[{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile
    FirewallRules:[{4D78C034-FE04-48C7-8CE6-0980C086ECCD}]=>(Allow)C:\ProgramFiles(x86)\MicrosoftOffice\root\Office16\outlook.exe=>NoFile
    EdgeExtension:(NoName)->AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill[notfound]
    EdgeExtension:(NoName)->BookReader_B171F20233094AC88D05A8EF7B9763E8=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer[notfound]
    EdgeExtension:(NoName)->LearningTools_7706F933-971C-41D1-9899-8A026EB5D824=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools[notfound]
    EdgeExtension:(NoName)->PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI[notfound]
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    *****************

    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccfdmcpnegkbklbnljalffkiipjmnbec => moved successfully
    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho => moved successfully
    C:\Users\MSBel\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho => moved successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => not found
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    S3Browser;%SystemRoot%\System32\browser.dll[X] => Error: No automatic fix found for this entry.
    S3MicrosoftEdgeElevationService;"C:\ProgramFiles(x86)\Microsoft\Edge\Application\112.0.1722.68\elevation_service.exe"[X] => Error: No automatic fix found for this entry.
    Winsock:Catalog917%windir%\system32\vsocklib.dll=>NoFile => Error: No automatic fix found for this entry.
    Winsock:Catalog918%windir%\system32\vsocklib.dll=>NoFile => Error: No automatic fix found for this entry.
    Winsock:Catalog9-x6417%windir%\system32\vsocklib.dll=>NoFile => Error: No automatic fix found for this entry.
    Winsock:Catalog9-x6418%windir%\system32\vsocklib.dll=>NoFile => Error: No automatic fix found for this entry.
    "ShellIconOverlayIdentifiers:[00asw]->{472083B0-C522-11CF-8763-00608CC02F24}=>->NoFile" => not found
    "ShellIconOverlayIdentifiers:[00avg]->{472083B0-C522-11CF-8763-00608CC02F24}=>->NoFile" => not found
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ContextMenuHandlers4:[OfflineFiles]->{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}=>->NoFile => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ContextMenuHandlers5:[igfxcui]->{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}=>->NoFile => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ContextMenuHandlers5:[igfxDTCM]->{9B5F5829-A529-4B12-814A-E81BCB8D93FC}=>->NoFile => not found
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ContextMenuHandlers6:[BriefcaseMenu]->{85BBD920-42A0-1069-A2E4-08002B30309D}=>->NoFile => not found
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ContextMenuHandlers6:[OfflineFiles]->{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}=>->NoFile => not found
    Handler:sacore-{5513F07E-936B-4E52-9B00-067394E91CC5}-NoFile => Error: No automatic fix found for this entry.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[UDPQueryUser{DC91F52C-AB9A-415D-B7E4-A42CBFFAC5B3}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Block)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[TCPQueryUser{E6021D11-DADD-4214-95F1-BD15F70E88AA}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Block)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{86A4CB82-4A59-460A-94C2-EE0239389331}]=>(Allow)C:\Users\MSBel\AppData\Roaming\Zoom\bin\Zoom.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[TCPQueryUser{B6452F12-258B-4504-A9C5-336FF387BC48}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Allow)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[UDPQueryUser{FBCC5013-4A3E-4A26-B31D-8DDBEDF27915}C:\programfiles(x86)\comodo\dragon\dragon.exe]=>(Allow)C:\programfiles(x86)\comodo\dragon\dragon.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{6F91BDB9-07B2-481B-A6BD-FC6E74E32DE1}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\BlueStacksWeb.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{426BF239-7B84-42AE-BE8E-092F910A4260}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\CloudGame.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{0D0D9A60-66AF-4030-8838-EA9079019C7B}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\BlueStacksWeb.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{8C053833-F1B5-4939-A3AC-441F341BBEDD}]=>(Allow)C:\ProgramFiles(x86)\BlueStacksX\CloudGame.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{329188F5-FDE5-4673-9088-DFF6F82C33EC}]=>(Allow)C:\ProgramFiles\BlueStacks_nxt\HD-Player.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{01DF0815-250E-4BEF-A399-C43432F6D46B}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}]=>(Allow)C:\ProgramFiles\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe=>NoFile" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules:[{4D78C034-FE04-48C7-8CE6-0980C086ECCD}]=>(Allow)C:\ProgramFiles(x86)\MicrosoftOffice\root\Office16\outlook.exe=>NoFile" => not found
    EdgeExtension:(NoName)->AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill[notfound] => Error: No automatic fix found for this entry.
    EdgeExtension:(NoName)->BookReader_B171F20233094AC88D05A8EF7B9763E8=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer[notfound] => Error: No automatic fix found for this entry.
    EdgeExtension:(NoName)->LearningTools_7706F933-971C-41D1-9899-8A026EB5D824=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools[notfound] => Error: No automatic fix found for this entry.
    EdgeExtension:(NoName)->PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368=>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI[notfound] => Error: No automatic fix found for this entry.

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ip reset resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    {5228339B-3C82-4590-AA63-28ACA522C464} canceled.
    {8647D6E1-FEAC-46CF-ADC0-2F837FEDD584} canceled.
    {C655A05C-A59E-419B-8688-CAC6F08E0778} canceled.
    {12BCA860-3538-4355-B17C-5470C694B8D6} canceled.
    4 out of 4 jobs canceled.

    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= sfc /scannow =========


    Fixing is terminated due to reaching maximum fixing time of 60 minutes. <==== ATTENTION
     
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you, that didn't process like we would have liked. Rather than guess at things, could I trouble you to run a new FRST Scan? You can attach the reports.
     
  11. MacSW

    MacSW Private E-2

    No trouble at all! Anything you need, I appreciate the help. I'll get right on it.

     
  12. MacSW

    MacSW Private E-2

    Here's the FRST
     

    Attached Files:

  13. MacSW

    MacSW Private E-2

    Here's the addition
     

    Attached Files:

  14. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for your understanding and extra work.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\MSBel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd
    S3 Browser; %SystemRoot%\System32\browser.dll [X]
    S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\elevation_service.exe" [X]
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
    Powershell: Get-AppxPackage McAfee® Personal Security | Remove-AppxPackage
    S3 Browser; %SystemRoot%\System32\browser.dll [X] 
    S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\elevation_service.exe" [X] 
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File 
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File 
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File 
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
    emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlog
     
  15. MacSW

    MacSW Private E-2

    Hi Gary; hope you're having a good evening. Here is the new fixlog, it all finished and rebooted me this time. Things seem to be opening faster, too.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-05-2023
    Ran by MSBel (05-05-2023 21:37:01) Run:2
    Running from C:\Users\MSBel\OneDrive\Desktop
    Loaded Profiles: MSBel
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\MSBel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd
    S3 Browser; %SystemRoot%\System32\browser.dll [X]
    S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\elevation_service.exe" [X]
    HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
    Powershell: Get-AppxPackage McAfee® Personal Security | Remove-AppxPackage
    S3 Browser; %SystemRoot%\System32\browser.dll [X]
    S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\elevation_service.exe" [X]
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    emptytemp:
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Users\MSBel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd => moved successfully
    HKLM\System\CurrentControlSet\Services\Browser => removed successfully
    Browser => service removed successfully
    HKLM\System\CurrentControlSet\Services\MicrosoftEdgeElevationService => removed successfully
    MicrosoftEdgeElevationService => service removed successfully
    "HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\McAfeeSafeConnect" => removed successfully
    "HKU\S-1-5-21-3669693024-4291697268-3814277477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\McAfeeSafeConnect" => not found

    ========= Get-AppxPackage McAfee® Personal Security | Remove-AppxPackage =========

    Get-AppxPackage : A positional parameter cannot be found that accepts argument 'Security'.
    At C:\FRST\tmp.ps1:1 char:1
    + Get-AppxPackage McAfee® Personal Security | Remove-AppxPackage
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-AppxPackage], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.Windows.Appx.PackageManager.Commands.GetAppxPackag
    eCommand


    ========= End of Powershell: =========

    Browser => service not found.
    MicrosoftEdgeElevationService => service not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
    "HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
    HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully

    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 2097152 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13792943 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 85022670 B
    Edge => 0 B
    Chrome => 568428702 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    ProgramData => 6656 B
    Public => 6656 B
    systemprofile => 54052884 B
    systemprofile32 => 54052884 B
    LocalService => 54052884 B
    NetworkService => 54054052 B
    MSBel => 163573324 B
    defaultuser100000 => 163579980 B
    defaultuser100001 => 163586636 B
    defaultuser100000.DESKTOP-DDKD5M9 => 163593292 B

    RecycleBin => 0 B
    EmptyTemp: => 1.4 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 21:41:37 ====
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    I had a good evening, thank you. I hope it was the same for you.

    Sorry for the delay and thanks for your patience.

    There are some errors in your logs related to Microsoft Office, in particular the mechanism used to update the program. Are you having any current issues with Office?

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    Powershell: Get-AppxPackage -allusers *5A894077.McAfeeSecurity* | Remove-AppxPackage
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlog
    • Issues with Office?
     
  17. MacSW

    MacSW Private E-2

    Good Morning Gary,

    The only problems I've had with Office is that it's slow & laggy like everything else. Like clicking to open or save a file takes a minute. Other than that it has been working as usual, no problems.

    Here's the newest log:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 07-05-2023
    Ran by MSBel (07-05-2023 11:08:50) Run:3
    Running from C:\Users\MSBel\OneDrive\Desktop
    Loaded Profiles: MSBel
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Powershell: Get-AppxPackage -allusers *5A894077.McAfeeSecurity* | Remove-AppxPackage
    End::
    *****************


    ========= Get-AppxPackage -allusers *5A894077.McAfeeSecurity* | Remove-AppxPackage =========


    ========= End of Powershell: =========


    ==== End of Fixlog 11:09:37 ====
     
  18. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks for the update.

    Just to clarify, in Post #15 you indicated things were opening faster. In the latest post you mentioned slow and laggy. Are things generally OK now except for Office or is it other things as well?
     
  19. MacSW

    MacSW Private E-2

    Hello!

    Sorry for the confusion. To clarify, Office *had been* laggy and slow, like most everything else was for a while, but I hadn't had any special problems with it, either before or after we started the scanning.

    Since we started the fixes, most things, including office, are running much better. I'm going to go into specifics, so sorry for so long to read, but just in case it helps lol.

    Office before: It went from taking 1-2 minutes to open a program or document, or to save something, and about 30-45 seconds to just change tabs between open documents.
    Office now: about 30 seconds to open, 7-10 seconds to do everything else I tried.

    Google Chrome before: Websites could take up to several minutes to open. Lots of time outs and error messages. YouTube videos took forever to get up, would skip, stop frequently to buffer for long periods, or I'd get error messages and Chrome would close. Games would go so slow or freeze I couldn't play them.
    Google Chrome now: I can open websites and it only takes 10-20 seconds, I can watch YouTube videos again with no problem, and games will play though still they get a little laggy sometimes.

    EA app games before: couldn't open app, or app would freeze when opened. If it did open, I'd click on games to open them and nothing would happen, or they would get stuck loading. If by some miracle I got a game to start it would be excruciatingly slow and often just shut off with an error message.
    EA app games now: App will open, games will load and play though still slow and laggy sometimes. But I don't know if that's just the app because EA games are always having issues lol.

    Those are basically the things I mainly use my computer for. I open Chrome, I check emails, I work (writing on Office, doing research on different websites), I listen to music/news/documentaries and such on YouTube and sometimes watch old movies on it, and I relax and play games either on EA app or on websites like AARP brain games (I stay away from sketchy game sites). I haven't tried anything else out yet.

    So basically it is a big improvement and I thank you, and anything else you think I should do to keep improving or keep things improved, just let me know and no rush. I appreciate your help so much, Gary!

    Thanks!
     
  20. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the explanation, it does help.

    Your computer appears to be about 6 years old. The overall capabilities are quite limited, compared to today's standards. There is probably only so much we can squeeze out of it. There are 2 things on the radar for us now.

    Overall Performance
    Though it is possible for us to try to tweak things I am not too confident we could make an appreciable difference. If the current performance is acceptable I would recommend leaving things alone.

    Microsoft Office
    I would recommend Repairing the Office installation. I don't think it is essential so it is a judgment call on your part. If it is working satisfactorily that could be considered good enough.

    I would like us to run one final online scan. Please do this.

    ===================================================

    ESET Online Scanner

    --------------------

    Note: You can expect this process to take a long time, up to several hours or more.

    • Download ESET Free Online Scanner and save it to your Desktop
    • Right click on esetonlinescanner_enu.exe and select Run as administrator
    • NOTE: If the program immediately crashes rename esetonlinescanner_enu.exe to ESET.exe and attempt it again
    • Click Computer Scan
    • Click Full scan
    • Select Enable ESET to detect and quarantine potentially unwanted applications
    • Click Start scan
    • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
    • Click Continue then finally click Close
    • Copy and paste the ESETScan.txt file contents in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Thoughts on Performance and Office
    • ESET report
     
  21. MacSW

    MacSW Private E-2

    Hi Gary; sorry it took me a while but I had problems and was ultimately not able to finish the ESETS scan.

    It apparently takes hours on my PC... first night I started it and a few hours later, my cat knocked out the wire. Since I have zero battery power left the computer just automatically goes off. Last I checked it said it had detected 4 issues.

    Next night I tried again and hours after I started it, again everything went off due to a thunderstorm knocking out the power. Last I looked it had zero issues.

    I tried it the next day, it took like 15 seconds and told me nothing was wrong but gave me no log. I was suspicious of that.

    I tried a couple nights later. I put the laptop somewhere safe from pets and went to bed. Woke up, did some things, went back to it... 15 hours later, it was still scanning. After a while the computer froze. I had to restart. No log.

    Then I had a lot of work to catch up on for the last few days and notice it seems to have slowed down again some.

    I know the PC is old and I'm not expecting miracles, but I was kinda hoping to get it back to its somewhat slow yet reliable state from a few weeks ago before all this started. I'm going to be getting a new one as soon as I save up for a bit but I still have to work on this one for a couple of months.

    As far as Office goes, it is working as well as anything else. Like I mentioned, no special problems other than it's also slowed down like everything else. I don't think I'm going to worry about adding anything to it unless it seems necessary.

    So should I try ESETS scan again? Try something else at this point? Whatever you say I'll give a try.

    Thank you so much
    ~Mac
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

    Hi Mac.

    Quite the adventure!

    Let's see if we can get the below to run. It is really just a second opinion type of exercise and I don't expect we will find anything significant. If you run into the same type of issue don't torture yourself again.

    ===================================================

    Kaspersky Virus Removal Tool

    --------------------
    • Download Kaspersky Virus Removal Tool and save it to your Desktop
    • Hit the Windows Key + R at the same time
    • Drag and drop the KVRT icon on your Desktop into the Run box to the right of Open:
    • Add -dontencrypt so that it looks like C:\Users\**Your User Name***\Desktop\KVRT.exe -dontencrypt (with a space between .exe and "-")
    • Click OK
    • Review and place check marks in all 3 I confirm boxes then click Accept
    • Click Change parameters
    • Place check marks in the following categories:
    System memory
    Startup objects
    Boot sectors
    System drive
    • Click OK
    • Click Start scan
    • When completed click Continue
    • Close the program
    • Hit the Windows Key + E at the same time
    • Navigate to the C:\KVRT2020_Data\Reports folder
    • Right click on KLR File which looks similar to report_2022.09.12_06.27.09 and select Open
    • Copy and paste the contents of the file in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Kaspersky report
     
  23. MacSW

    MacSW Private E-2

    Thanks Gary; this one seemed to go smoothly. Here is the report:

    <Report>
    <Metadata Version="1" PCID="{5CEBF4E3-D53F-CE62-7F8C-2717EF83573E}" LastModification="2023.05.14 21:51:08.348" />
    <EventBlocks>
    <Block0 Type="Scan" Processed="140843" Found="0" Neutralized="0">
    <Event0 Action="Scan" Time="133285860022595360" Object="" Info="Started" />
    <Event1 Action="Scan" Time="133285926682586373" Object="" Info="Finished" />
    </Block0>
    </EventBlocks>
    </Report>
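
Added example (not part of the original thread or of Kaspersky's tooling): a Python sketch that reads the KVRT report posted above and pulls out the counts and the scan duration. It assumes the Time attributes are Windows FILETIME values and that an interrupted scan would lack a Finished event; both are assumptions, not documented behaviour.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Report text copied from the post above.
REPORT = """<Report>
<Metadata Version="1" PCID="{5CEBF4E3-D53F-CE62-7F8C-2717EF83573E}" LastModification="2023.05.14 21:51:08.348" />
<EventBlocks>
<Block0 Type="Scan" Processed="140843" Found="0" Neutralized="0">
<Event0 Action="Scan" Time="133285860022595360" Object="" Info="Started" />
<Event1 Action="Scan" Time="133285926682586373" Object="" Info="Finished" />
</Block0>
</EventBlocks>
</Report>"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(value):
    """Assumption: Time is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)


def summarize(report_xml):
    """Return one summary dict per block under <EventBlocks>."""
    root = ET.fromstring(report_xml)
    summaries = []
    # Block and event element names carry a numeric suffix (Block0, Event1),
    # so iterate over children instead of matching on tag names.
    for block in root.iterfind("EventBlocks/*"):
        events = {ev.get("Info"): filetime_to_utc(ev.get("Time")) for ev in block}
        started = events.get("Started")
        finished = events.get("Finished")
        found = int(block.get("Found", 0))
        neutralized = int(block.get("Neutralized", 0))
        summaries.append({
            "type": block.get("Type"),
            "processed": int(block.get("Processed", 0)),
            "found": found,
            "neutralized": neutralized,
            # Detections that were reported but not dealt with.
            "untreated": found - neutralized,
            "started": started,
            "finished": finished,
            # Assumption: no Finished event means the scan did not complete.
            "complete": finished is not None,
            "duration": finished - started if started and finished else None,
        })
    return summaries


if __name__ == "__main__":
    for s in summarize(REPORT):
        print(s["type"], "complete" if s["complete"] else "INCOMPLETE",
              f"objects={s['processed']} found={s['found']} untreated={s['untreated']}",
              f"duration={s['duration']}")
```

On this report the decoded finish time is 02:51:08 UTC on 2023-05-15, which lines up with the LastModification value of 21:51:08 if the machine's clock was five hours behind UTC.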
     
  24. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings Mac.

    That looks fantastic and things are looking good. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
     
  25. MacSW

    MacSW Private E-2

    Hi Gary;

    One question, but I'm not sure how to frame it in a way that makes sense. I don't have much of a tech-minded brain so it's hard for me to understand and my imagination takes over, almost like it's trying to envision it in mythic terms so I can make sense of it on some level. So I hope this makes sense to you and doesn't sound too silly, but here goes.

    So when I initially did the malware removal scans with like Hitman Pro and stuff, it said some items were quarantined. If I delete these programs when we're finished, what happens to the quarantined files? Do they stay quarantined on my PC somewhere like little prisoners, do they get released when the program acting like their "prison guard" is gone and go free again like little thugs trying to wreak havoc?

    I know I have it wrong but I think you get the gist lol. Beyond that, let's proceed with finishing this up.

    I can't thank you enough for all of your help and kindness, you've been patient with me and terrific. ~Mac
     
  26. Oh My!

    Oh My! Malware Expert Staff Member

    Hi Mac.

    First of all you are most welcome for the help. Secondly, your question makes perfect sense.

    Quarantined files still exist but they are in a place where they can do no harm. They are isolated and inaccessible for purposes of being launched or utilized for malicious intent. Typically Quarantined files are not "deleted" until everything is completed and things are working as they should. This is a bit of a safety net just in case a file was Quarantined in error and it needs to be restored.

    Here is what is actually meant when a file is "deleted." It is a bit more complicated than one might think. The bottom line is the file information is no longer as it once was and its malicious potential has been effectively removed.

    Let me know if this answers your question.
     
  27. MacSW

    MacSW Private E-2

    Thanks Gary; I struggle to understand these things but that does clear it up a bit.

    ~Mac
     
  28. Oh My!

    Oh My! Malware Expert Staff Member

    It is quite complex and confusing. "Deleting" a file means the pointer to all of the file information scattered throughout the disk has been removed. File information is not recorded in a straight line, so to speak, it is spread all over a disk. So if you remove the pointer (road map) for how the computer can access every bit of information needed to make the file work, the information may still be there but without a road map good luck. Beyond that, when the file is "deleted" those areas of the disk where the information is written are marked as available for other information to be written in that spot. If even one of those areas is written over, the file is broken.

    So technically yes, at the start the file information is still there but practically speaking it is irretrievable without using specialized techniques to restore deleted files.
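
Added example, not part of the original thread: a toy Python model of the explanation in the post above. The ToyDisk class, its block size and the file names are all constructed for illustration; it is a simplification (the stale table entry stands in for whatever a recovery tool reconstructs), not how any particular file system is implemented.

```python
BLOCK = 8  # bytes per block in this toy model (constructed value)


class ToyDisk:
    """A table of 'pointers' (the road map) plus a pool of fixed-size blocks."""

    def __init__(self, nblocks=16):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.free = list(range(nblocks))   # block numbers available for writing
        self.table = {}                    # name -> {"chain", "size", "live"}

    def write(self, name, data):
        need = -(-len(data) // BLOCK)      # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        # Lowest free blocks first, so a file can end up scattered.
        chain = [self.free.pop(0) for _ in range(need)]
        for i, blk in enumerate(chain):
            self.blocks[blk] = data[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")
        self.table[name] = {"chain": chain, "size": len(data), "live": True}
        return chain

    def read(self, name):
        entry = self.table.get(name)
        if entry is None or not entry["live"]:
            raise FileNotFoundError(name)
        return self._collect(entry)

    def delete(self, name):
        """Drop the pointer and mark the blocks reusable; the bytes are not wiped."""
        entry = self.table.get(name)
        if entry is None or not entry["live"]:
            raise FileNotFoundError(name)
        entry["live"] = False
        self.free = sorted(self.free + entry["chain"])

    def undelete(self, name):
        """What a recovery tool attempts: follow the stale pointer anyway."""
        return self._collect(self.table[name])

    def _collect(self, entry):
        raw = b"".join(self.blocks[b] for b in entry["chain"])
        return raw[:entry["size"]]


def demo():
    disk = ToyDisk()
    disk.write("a.txt", b"A" * 16)             # takes blocks 0 and 1
    disk.write("b.txt", b"B" * 8)              # takes block 2
    disk.delete("a.txt")                       # blocks 0 and 1 are free again
    payload = b"quarantined-sample-bytes"      # 24 bytes of constructed data
    chain = disk.write("sample.bin", payload)  # lands on blocks 0, 1 and 3
    disk.delete("sample.bin")
    try:
        disk.read("sample.bin")
        visible = True
    except FileNotFoundError:
        visible = False                        # normal access no longer works
    before = disk.undelete("sample.bin")       # nothing overwritten yet
    disk.write("new.doc", b"N" * 8)            # reuses freed block 0
    after = disk.undelete("sample.bin")        # first block now holds new.doc
    return {"chain": chain, "visible": visible, "payload": payload,
            "before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print("scattered over blocks:", result["chain"])
    print("recoverable right after delete:", result["before"] == result["payload"])
    print("recoverable after one block is reused:", result["after"] == result["payload"])
```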
     
  29. MacSW

    MacSW Private E-2

    Ah, I get it now. That's why when people try to delete things when they've been doing wrong, police are able to find deleted files and stuff. I never knew how that worked.
     
  30. Oh My!

    Oh My! Malware Expert Staff Member

    Exactly. :)
     
  31. Oh My!

    Oh My! Malware Expert Staff Member

    I think we are all set now. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
     
  32. MacSW

    MacSW Private E-2

    Nope, I can't think of any. Let's move forward to clean up.

    Thank you!
    ~Mac
     
  33. Oh My!

    Oh My! Malware Expert Staff Member

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

     
