Recurring popup on desktop (infection unknown)


Symptoms: I’ve attached a screen capture of the malware popup that appears on my Windows 10 desktop periodically. (I’ve never interacted with the dialog. I shut down when it appears.) I haven’t noticed an impact on performance or any other symptoms. I have/had no software that could be generating such a nag screen.

Troubleshooting: KIS 21.3.10.393 (d) is installed on my laptop. I reset scans to “extreme” and completed multiple full scans. No threats found. Ditto for scanning in safe mode. Other tools I’ve tried: Malwarebytes Free, multiple ESET online scans, SUPERAntiSpyware, Spybot Free, Sophos Virus Removal, HitmanPro, Malwarebytes (Xplode) AdwCleaner, Kaspersky TDS Killer Anti-rootkit Utility, Kaspersky Virus Removal Tool, Malwarebytes Anti-Rootkit & Spybot Free. None found anything.

Note: I uninstalled Adobe Acrobat Reader, Zoom, and VLC player (all up to date) before running FRST64.exe.

Thanks very much for your help, stranger.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by jatki (administrator) on SIBORG (Dell Inc. Inspiron 5593) (19-07-2021 15:06:33)
Running from C:UsersjatkiDesktop
Loaded Profiles: jatki
Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:Program FilesAllway SyncBinSyncService.exe
(Dell Inc -> ) C:Program Files (x86)Dell Digital Delivery ServicesDell.D3.WinSvc.exe
(Dell Inc -> ) C:Program Files (x86)DellUpdateServiceServiceShell.exe
(Dell Inc -> Dell INC.) C:Program FilesDellSARemediationagentDellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:Program FilesDellSupportAssistAgentbinSupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:Program FilesDellDellDataVaultDDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:Program FilesDellDellDataVaultDDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:Program FilesDellDellDataVaultDDVRulesProcessor.exe
(IndiLogic LLC -> Dell Inc.) C:Program FilesDellDell Peripheral ManagerDPM.exe
(IndiLogic LLC -> Dell Inc.) C:Program FilesDellDell Peripheral ManagerDPMService.exe
(Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydptf_cpu.inf_amd64_f75fa513cf0ccec1esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_ffc75848a6342fdfjhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorylms.inf_amd64_c0fd909ca6e7d672LMS.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_b8e01d9e8716d2a7igfxCUIServiceN.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_b8e01d9e8716d2a7igfxEMN.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryigcc_dch.inf_amd64_54b736e5be5b50b2OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_aa88138229517429IntelCpHDCPSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiastorac.inf_amd64_34f570cbe7f3d6c7RstMwService.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm_tray.exe
(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbweCortana.exe
(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbweWinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:WindowsSystem32driversSessionService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:WindowsSystem32driversAdminService.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:Program Files (x86)NuancePaperPortPDFProFiltSrvPP.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:Program FilesDellSupportAssistAgentPCDSupportAssistDsapi.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:WindowsSystem32driversQcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32RtkAudUService64.exe <3>
(Rivet Networks LLC -> Rivet Networks LLC) C:Program FilesRivet NetworksSmartByteRAPS.exe
(Rivet Networks LLC -> Rivet Networks) C:Program FilesRivet NetworksSmartByteSmartByteAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:Program FilesRivet NetworksSmartByteSmartByteNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:Program FilesRivet NetworksSmartByteRAPSService.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:Program Files (x86)TeamViewerTeamViewer_Service.exe
(Waves Inc -> Waves Audio Ltd.) C:WindowsSystem32DriverStoreFileRepositorywavesapo8de.inf_amd64_f9e3e5f664173b9eWavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:WindowsSystem32DriverStoreFileRepositorywavesapo8de.inf_amd64_f9e3e5f664173b9eWavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Run: [RtkAudUService] => C:WINDOWSSystem32RtkAudUService64.exe [1141544 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM…Run: [WavesSvc] => C:WINDOWSSystem32DriverStoreFileRepositorywavesapo8de.inf_amd64_f9e3e5f664173b9eWavesSvc64.exe [1774688 2020-09-03] (Waves Inc -> Waves Audio Ltd.)
HKLM…Run: [DellMobileConnectWelcome] => C:Program FilesDellDellMobileConnectDriversDellMobileConnectWelcome.exe [345848 2019-06-20] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM-x32…Run: [ControlCenter4] => C:Program Files (x86)ControlCenter4BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) [File not signed]
HKLM-x32…Run: [IndexSearch] => C:Program Files (x86)NuancePaperPortIndexSearch.exe [47432 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32…Run: [PaperPort PTD] => C:Program Files (x86)NuancePaperPortpptd40nt.exe [31048 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32…Run: [PDFHook] => C:Program Files (x86)NuancePDF Viewer Pluspdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32…Run: [PDF5 Registry Controller] => C:Program Files (x86)NuancePDF Viewer PlusRegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKUS-1-5-21-2542476915-2687108608-583963861-1001…Run: [ISUSPM] => C:ProgramDataFLEXnetConnect11ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1278C364-37E5-4431-AF53-91B559BF571C} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147304 2021-07-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {156D7B0C-90DD-4A12-B3EF-DA47C05FE127} – System32TasksKaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:Program FilesCommon FilesAVKaspersky Labupgrade_launcher.exe [743488 2021-04-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {39268776-DFB7-4527-B872-2128A4DD9CD6} – System32TasksSmartByte Telemetry => C:Program FilesRivet NetworksSmartByteSmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL)
Task: {3A121943-88FB-47AA-AD00-A92106A9E370} – System32TasksDell SupportAssistAgent AutoUpdate => C:Program FilesDellSupportAssistAgentbinSupportAssistInstaller.exe [1059872 2021-07-01] (Dell Inc -> Dell Inc.)
Task: {452B9727-8189-4141-90C7-20941912DBA8} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23182224 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {47E41949-8F1E-49D0-8D69-3BE130D5ADC2} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5311392 2021-07-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6570D351-9D65-47E9-9419-555532DB28F2} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5311392 2021-07-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D16F870-F46A-4475-B7A1-E2D3228B8308} – System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe [690616 2021-07-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {79B9AD55-A24A-4C2B-8EEB-5FAA66611292} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147304 2021-07-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {7BECBC16-9ECD-471F-BD2F-0CF8415AB708} – System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe [684976 2021-06-16] (Piriform Software Ltd -> Piriform)
Task: {9F4FF844-8979-41BF-8375-C4AED48CAF44} – System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [28880512 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {ABF200E9-ADC4-41FD-9805-C1DC0651734A} – System32Taskskpm_tray.exe => C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm_tray.exe [610632 2020-12-30] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {D99D3752-C602-4790-BEF5-EFDF3052CABD} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
Task: {E6225659-1BA5-4C4A-9FB3-6C26BECD42CF} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23182224 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

TcpipParameters: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{5b02a30a-7b2d-480c-91e3-6f53e731cee4}: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{612c1abd-a10b-4aed-b475-2abbf237abf6}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip..Interfaces{c4a210e0-a330-49c3-b33c-24cc56b50f0d}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:UsersjatkiDownloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]
Edge Profile: C:UsersjatkiAppDataLocalMicrosoftEdgeUser DataDefault [2021-07-19]
Edge DownloadDir: Default -> C:UsersjatkiDownloads
Edge StartupUrls: Default -> “hxxps://www.startpage.com/”
Edge DefaultSearchURL: Default -> hxxps://www.startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=opensearch&language=english
Edge DefaultSearchKeyword: Default -> startpage.com
Edge HKUS-1-5-21-2542476915-2687108608-583963861-1001SOFTWAREMicrosoftEdgeExtensions…EdgeExtension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: jnnqt6kr.default
FF ProfilePath: C:UsersjatkiAppDataRoamingMozillaFirefoxProfilesjnnqt6kr.default [2020-12-30]
FF ProfilePath: C:UsersjatkiAppDataRoamingMozillaFirefoxProfiles1z6nkvgb.default-release [2021-07-19]
FF Homepage: MozillaFirefoxProfiles1z6nkvgb.default-release -> hxxps://aw.tdsb.on.ca/tdsblogin.aspx
FF Extension: (Bypass Paywalls) – C:UsersjatkiAppDataRoamingMozillaFirefoxProfiles1z6nkvgb.default-releaseExtensionsbypasspaywalls@bypasspaywalls.xpi [2021-06-08]
FF Extension: (Don’t track me Google) – C:UsersjatkiAppDataRoamingMozillaFirefoxProfiles1z6nkvgb.default-releaseExtensionsdont-track-me-google@robwu.nl.xpi [2021-06-07]
FF Extension: (Kaspersky Protection) – C:UsersjatkiAppDataRoamingMozillaFirefoxProfiles1z6nkvgb.default-releaseExtensionslight_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com.xpi [2021-07-05]
FF Extension: (Smart Referer) – C:UsersjatkiAppDataRoamingMozillaFirefoxProfiles1z6nkvgb.default-releaseExtensionssmart-referer@meh.paranoid.pk.xpi [2020-01-04]
FF Extension: (uBlock Origin) – C:UsersjatkiAppDataRoamingMozillaFirefoxProfiles1z6nkvgb.default-releaseExtensionsuBlock0@raymondhill.net.xpi [2021-07-07]
FF Extension: (Startpage.com — Private Search Engine) – C:UsersjatkiAppDataRoamingMozillaFirefoxProfiles1z6nkvgb.default-releaseExtensions{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2019-12-25]
FF Extension: (EPUBReader) – C:UsersjatkiAppDataRoamingMozillaFirefoxProfiles1z6nkvgb.default-releaseExtensions{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2020-06-22]
FF HKLM…FirefoxExtensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] – C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3FFExtlight_plugin_firefoxaddon.xpi => not found
FF HKLM-x32…FirefoxExtensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] – C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3FFExtlight_plugin_firefoxaddon.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:Program Filesmozilla firefoxdefaultsprefkl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-11-11] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:Program Filesmozilla firefoxkl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-11-11] <==== ATTENTION

Chrome:
=======
CHR HKLM…ChromeExtension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] – hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP21.3; C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3avp.exe [184768 2021-06-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 BotkindSyncService; C:Program FilesAllway SyncBinSyncService.exe [264192 2020-04-07] () [File not signed]
S3 BrYNSvc; C:Program Files (x86)Browny02BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9056672 2021-07-08] (Microsoft Corporation -> Microsoft Corporation)
S3 dcpm-notify; C:Program FilesDellCommandPowerManagerNotifyService.exe [315008 2020-08-18] (Dell Inc -> Dell Inc.)
R2 DDVCollectorSvcApi; C:Program FilesDellDellDataVaultDDVCollectorSvcApi.exe [422432 2021-05-23] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:Program FilesDellDellDataVaultDDVDataCollector.exe [3981856 2021-05-23] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:Program FilesDellDellDataVaultDDVRulesProcessor.exe [623136 2021-05-23] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:Program Files (x86)Dell Digital Delivery ServicesDell.D3.WinSvc.exe [50376 2021-03-31] (Dell Inc -> )
R2 Dell Hardware Support; C:Program FilesDellSupportAssistAgentPCDSupportAssistDsapi.exe [1020584 2021-06-21] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:Program FilesDellSARemediationagentDellSupportAssistRemedationService.exe [19128 2021-04-01] (Dell Inc -> Dell INC.)
S3 Dell.CommandPowerManager.Service; C:WINDOWSsystem32dllhost.exe /Processid:{FADB5D41-FD47-4F48-85E4-7A82DBBDC09E} [21312 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:Program Files (x86)DellUpdateServiceServiceShell.exe [38600 2021-05-27] (Dell Inc -> )
R2 DPMService; C:Program FilesDellDell Peripheral ManagerDPMService.exe [1426016 2020-05-16] (IndiLogic LLC -> Dell Inc.)
S3 klvssbridge64_21.3; C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3x64vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm_service.exe [351424 2020-12-30] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 PDFProFiltSrvPP; C:Program Files (x86)NuancePaperPortPDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 RAPSService; C:Program FilesRivet NetworksSmartByteRAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:Program FilesRivet NetworksSmartByteRNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:Program FilesRivet NetworksSmartByteSmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:Program FilesRivet NetworksSmartByteSmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:Program FilesDellSupportAssistAgentbinSupportAssistAgent.exe [39968 2021-07-01] (Dell Inc -> Dell Inc.)
R2 TeamViewer; C:Program Files (x86)TeamViewerTeamViewer_Service.exe [13257000 2021-07-01] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.1911.3-0NisSrv.exe [3206472 2020-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.1911.3-0MsMpEng.exe [103376 2020-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:WINDOWSSystem32driversAppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:WINDOWSSystem32DRIVERScm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 DDDriver; C:WINDOWSSystem32driversdddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 DPMDriver; C:WINDOWSSystem32driversDPMDriver.sys [128736 2020-03-31] (IndiLogic LLC -> Dell Inc.)
S3 hitmanpro37; C:WINDOWSsystem32drivershitmanpro37.sys [40960 2021-07-19] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 iaLPSS2_GPIO2_ICL; C:WINDOWSSystem32DriverStoreFileRepositoryialpss2_gpio2_icl.inf_amd64_90beccc7e046ababiaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:WINDOWSSystem32DriverStoreFileRepositoryialpss2_i2c_icl.inf_amd64_c8c0638291b9b209iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
R1 klbackupdisk; C:WINDOWSsystem32DRIVERSklbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:WINDOWSSystem32DRIVERSklbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:WINDOWSsystem32DRIVERSkldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:WINDOWSSystem32DRIVERSklelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:WINDOWSsystem32DRIVERSklflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:WINDOWSSystem32DRIVERSklgse.sys [657696 2021-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:WINDOWSsystem32DRIVERSklhk.sys [1439456 2021-05-08] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:ProgramDataKaspersky LabAVP21.3Basesklids.sys [256312 2021-07-01] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:WINDOWSSystem32DRIVERSklif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:WINDOWSsystem32DRIVERSklim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:WINDOWSsystem32DRIVERSklkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:WINDOWSsystem32DRIVERSklmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:WINDOWSSystem32DRIVERSklpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:WINDOWSsystem32DRIVERSklpnpflt.sys [96008 2021-06-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:WINDOWSSystem32Driversklupd_klif_arkmon.sys [263888 2021-04-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:WINDOWSSystem32Driversklupd_klif_klark.sys [309104 2021-04-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:WINDOWSSystem32Driversklupd_klif_klbg.sys [115744 2021-04-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:WINDOWSSystem32Driversklupd_klif_mark.sys [224880 2021-04-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:WINDOWSsystem32DRIVERSklwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:WINDOWSsystem32DRIVERSklwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:WINDOWSsystem32DRIVERSkneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 SmbCoSvc; C:WINDOWSsystem32DRIVERSSmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [45664 2020-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:WINDOWSSystem32driverswdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [355760 2020-01-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [54192 2020-01-02] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; SystemRootSystem32driversDBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-19 15:06 – 2021-07-19 15:06 – 000024387 _____ C:UsersjatkiDesktopFRST.txt
2021-07-19 15:05 – 2021-07-19 15:06 – 000000000 ____D C:FRST
2021-07-19 14:59 – 2021-07-19 14:54 – 002300416 _____ (Farbar) C:UsersjatkiDesktopFRST64.exe
2021-07-19 14:32 – 2021-07-19 14:33 – 000330856 _____ C:TDSSKiller.3.1.0.28_19.07.2021_14.32.30_log.txt
2021-07-19 14:31 – 2021-07-19 14:31 – 000007770 _____ C:TDSSKiller.3.1.0.28_19.07.2021_14.31.18_log.txt
2021-07-19 14:19 – 2021-07-19 14:19 – 000255928 _____ (Malwarebytes) C:WINDOWSsystem32Drivers52565647.sys
2021-07-19 14:19 – 2021-07-19 14:19 – 000000000 ____D C:ProgramDataMalwarebytes
2021-07-19 14:18 – 2021-07-19 14:31 – 000000000 ____D C:ProgramDataMalwarebytes’ Anti-Malware (portable)
2021-07-19 14:18 – 2021-07-19 14:18 – 000192952 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamchameleon.sys
2021-07-19 14:08 – 2021-07-19 14:08 – 000000000 _____ C:WINDOWSinvcol.tmp
2021-07-19 13:10 – 2021-07-19 13:10 – 000040960 _____ C:WINDOWSsystem32Drivershitmanpro37.sys
2021-07-19 13:09 – 2021-07-19 13:15 – 000000000 ____D C:ProgramDataHitmanPro
2021-07-19 09:39 – 2021-07-19 09:39 – 000000000 ____D C:ProgramDataSophos
2021-07-18 16:55 – 2021-07-18 16:55 – 000000085 _____ C:WINDOWSwininit.ini
2021-07-18 16:27 – 2021-07-18 16:28 – 000000000 ____D C:UsersjatkiAppDataLocalOpera Software
2021-07-18 16:26 – 2021-07-18 16:26 – 000000000 ____D C:WINDOWSsystem32TasksSafer-Networking
2021-07-18 16:26 – 2021-07-18 16:26 – 000000000 ____D C:Safer-Networking Ltd
2021-07-18 16:21 – 2021-07-18 16:21 – 000000000 ____D C:UsersjatkiAppDataLocalNPE
2021-07-18 16:21 – 2021-07-18 16:21 – 000000000 ____D C:ProgramDataNorton
2021-07-18 13:46 – 2021-07-18 13:46 – 000000214 _____ C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job
2021-07-17 20:12 – 2021-07-17 20:12 – 000000000 ____D C:AdwCleaner
2021-07-17 17:11 – 2021-07-17 17:11 – 000000000 ____D C:UsersjatkiAppDataLocalmbam
2021-07-17 16:27 – 2021-07-18 16:33 – 001450480 _____ C:WINDOWSntbtlog.txt
2021-07-08 13:17 – 2021-07-08 13:17 – 000003914 _____ C:WINDOWSsystem32TasksDell SupportAssistAgent AutoUpdate
2021-07-05 10:33 – 2021-07-05 10:33 – 000003936 _____ C:WINDOWSsystem32TasksCCleaner Update
2021-07-05 10:31 – 2021-07-05 10:31 – 000000000 ____D C:WINDOWSsystem32TasksMozilla
2021-07-05 10:24 – 2021-07-05 10:24 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRevo Uninstaller
2021-07-05 10:24 – 2021-07-05 10:24 – 000000000 ____D C:Program FilesVS Revo Group
2021-07-04 14:17 – 2021-07-17 17:32 – 000001290 _____ C:UsersjatkiDesktopESET Online Scanner.lnk
2021-07-04 14:16 – 2021-07-17 17:32 – 000001396 _____ C:UsersjatkiAppDataRoamingMicrosoftWindowsStart MenuProgramsESET Online Scanner.lnk
2021-07-04 14:16 – 2021-07-04 14:16 – 000000000 ____D C:UsersjatkiAppDataLocalESET

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-19 15:05 – 2020-01-04 13:55 – 000000000 ____D C:Program FilesCCleaner
2021-07-19 15:05 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF
2021-07-19 15:05 – 2019-11-16 20:47 – 000000000 ____D C:Program Files (x86)Dell Digital Delivery Services
2021-07-19 15:03 – 2020-10-09 16:16 – 000000006 ____H C:WINDOWSTasksSA.DAT
2021-07-19 15:03 – 2020-10-09 16:11 – 000008192 ___SH C:DumpStack.log.tmp
2021-07-19 15:03 – 2020-01-14 14:50 – 000000000 ____D C:Program Files (x86)TeamViewer
2021-07-19 15:03 – 2019-12-24 16:53 – 000000000 __SHD C:UsersjatkiIntelGraphicsProfiles
2021-07-19 15:03 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSServiceState
2021-07-19 15:03 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-07-19 15:03 – 2019-12-07 05:03 – 000524288 _____ C:WINDOWSsystem32configBBI
2021-07-19 15:03 – 2019-11-16 20:43 – 000000000 ____D C:ProgramDataGoodix
2021-07-19 15:03 – 2019-11-16 20:43 – 000000000 ____D C:Intel
2021-07-19 14:57 – 2020-10-09 16:11 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2021-07-19 14:36 – 2020-10-09 16:21 – 000795738 _____ C:WINDOWSsystem32PerfStringBackup.INI
2021-07-19 14:04 – 2019-12-28 17:47 – 000000000 ____D C:Program FilesVideoLAN
2021-07-19 14:03 – 2019-12-28 16:52 – 000000000 ____D C:Program Files (x86)Adobe
2021-07-19 14:03 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness
2021-07-19 13:53 – 2019-12-24 14:28 – 000000000 ____D C:UsersjatkiAppDataLocalLowMozilla
2021-07-19 13:52 – 2021-05-05 11:03 – 000000000 ____D C:Program FilesMozilla Firefox
2021-07-19 09:43 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp
2021-07-18 13:40 – 2020-10-09 16:12 – 000000000 ____D C:Usersjatki
2021-07-17 20:10 – 2019-12-07 05:14 – 000000000 ___HD C:WINDOWSELAMBKUP
2021-07-17 17:08 – 2020-01-26 17:45 – 000000000 ____D C:UsersjatkiAppDataLocalElevatedDiagnostics
2021-07-17 16:28 – 2020-10-01 11:25 – 000000000 ___DC C:WINDOWSPanther
2021-07-17 12:19 – 2020-07-05 16:47 – 000002440 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-07-17 12:19 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-07-16 15:51 – 2019-11-16 20:57 – 000000000 ____D C:Program FilesMicrosoft Office
2021-07-14 19:02 – 2020-01-04 14:10 – 000000000 ___RD C:UsersjatkiDocumentsHome
2021-07-14 18:59 – 2019-12-24 14:50 – 000000000 ____D C:WINDOWSsystem32MRT
2021-07-14 18:57 – 2019-12-24 14:50 – 133422552 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2021-07-13 16:06 – 2020-01-01 16:30 – 000013405 _____ C:WINDOWSBRRBCOM.INI
2021-07-08 13:21 – 2020-12-04 14:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDell
2021-07-08 13:21 – 2019-11-16 20:47 – 000000000 ____D C:ProgramDataPCDr
2021-07-05 10:40 – 2019-12-24 14:28 – 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2021-07-05 10:31 – 2019-12-24 14:28 – 000001007 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk
2021-07-05 10:31 – 2019-12-24 14:28 – 000000000 ____D C:ProgramDataMozilla
2021-07-05 10:22 – 2021-02-16 11:37 – 000000000 ____D C:UsersjatkiDocumentsApp Data
2021-07-02 12:45 – 2020-10-09 16:16 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2021-07-02 12:45 – 2020-10-09 16:16 – 000003356 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2021-07-01 10:31 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSLiveKernelReports
2021-06-29 14:09 – 2020-03-31 11:02 – 000000000 ____D C:UsersjatkiDocumentsZoom
2021-06-29 12:45 – 2019-12-24 16:53 – 000000000 ____D C:UsersjatkiAppDataLocalPackages
2021-06-29 12:40 – 2020-01-04 14:12 – 000000000 ___RD C:UsersjatkiDocumentsSchool
2021-06-25 14:05 – 2019-12-07 05:03 – 000032768 _____ C:WINDOWSsystem32configELAM

==================== FLock ==============================

2021-05-06 15:29 C:Recovery

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by jatki (19-07-2021 15:07:09)
Running from C:UsersjatkiDesktop
Windows 10 Home Version 2004 19041.985 (X64) (2020-10-09 20:16:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2542476915-2687108608-583963861-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2542476915-2687108608-583963861-503 – Limited – Disabled)
Guest (S-1-5-21-2542476915-2687108608-583963861-501 – Limited – Disabled)
jatki (S-1-5-21-2542476915-2687108608-583963861-1001 – Administrator – Enabled) => C:Usersjatki
WDAGUtilityAccount (S-1-5-21-2542476915-2687108608-583963861-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled – Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: Kaspersky Internet Security (Enabled – Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
FW: Kaspersky Internet Security (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Allway Sync (HKLM…{6E2A6AEF-1397-4888-BD6F-4C0D4968014D}) (Version: 20.0.5 – Botkind Inc.)
Bonjour (HKLM…{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 – Apple Inc.)
Brother MFL-Pro Suite MFC-J5620DW (HKLM-x32…{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 – Brother Industries, Ltd.)
CCleaner (HKLM…CCleaner) (Version: 5.82 – Piriform)
Dell Digital Delivery Services (HKLM-x32…{3722784A-D530-4C82-BB78-4DF3E1A4CAD9}) (Version: 4.0.90.0 – Dell Inc.)
Dell Mobile Connect Drivers (HKLM…{4674F112-9AB7-4701-AEC0-C1FD1FE7CD4E}) (Version: 2.0.8401 – Screenovate Technologies Ltd.)
Dell Peripheral Manager (HKLM…Dell Peripheral Manager) (Version: 1.2.1 – Dell Inc.)
Dell Power Manager Service (HKLM…{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.7.0 – Dell Inc.)
Dell SupportAssist (HKLM…{270DE507-0182-4444-AAC8-FDD6689A92B0}) (Version: 3.10.0.47 – Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM…{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 – Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32…{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 – Dell Inc.)
Dell SupportAssist Remediation (HKLM…{E9E87628-7D88-4557-9A80-49B2B4A81460}) (Version: 5.4.1.14954 – Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32…{ef6a1215-d616-4e4f-9453-525ed9903031}) (Version: 5.4.1.14954 – Dell Inc.)
Dell Update for Windows 10 (HKLM…{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.2.0 – Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM…{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 – Intel Corporation) Hidden
Goodix Fingerprint Driver (HKLM…{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 3.0.35.600 – Goodix, Inc.)
Intel® Dynamic Tuning (HKLM-x32…{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10400.15556 – Intel Corporation)
Intel® Dynamic Tuning Technology (HKLM-x32…{7a82309b-956d-4788-8207-25897660c3d6}) (Version: 8.7.10400.15556 – Intel) Hidden
Intel® Management Engine Components (HKLM…{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 – Intel Corporation)
Kaspersky Internet Security (HKLM-x32…{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 – Kaspersky) Hidden
Kaspersky Internet Security (HKLM-x32…InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 – Kaspersky)
Kaspersky Password Manager (HKLM-x32…{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 – Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32…InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 – Kaspersky Lab)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 91.0.864.70 – Microsoft Corporation)
Microsoft Office Professional Plus 2019 – en-us (HKLM…ProPlus2019Retail – en-us) (Version: 16.0.14131.20320 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 – Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable – 10.0.30319 (HKLM…{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 – Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable – 10.0.30319 (HKLM-x32…{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.27.29016 (HKLM-x32…{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 – Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 en-CA) (HKLM…Mozilla Firefox 89.0.2 (x64 en-CA)) (Version: 89.0.2 – Mozilla)
Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 71.0 – Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32…{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 – Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32…{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 – Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32…{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 – Nuance Communications, Inc)
Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20320 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20320 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM…{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 – Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM…{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 – Intel Corporation) Hidden
paint.net (HKLM…{2025DAA7-0653-4F18-B66F-900E6F2320EC}) (Version: 4.2.13 – dotPDN LLC)
PaperPort Image Printer 64-bit (HKLM…{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 – Nuance Communications, Inc.)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32…{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10518 – Qualcomm)
Revo Uninstaller 2.2.8 (HKLM…{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.8 – VS Revo Group, Ltd.)
RstDowngradeGuard (HKLM…{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 – Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM…{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 – Rivet Networks)
TeamViewer (HKLM-x32…TeamViewer) (Version: 15.19.5 – TeamViewer)

Packages:
=========
Dell CinemaColor -> C:Program FilesWindowsAppsPortraitDisplays.DellCinemaColor_2.3.34.0_x64__2dgmkzkw4h30c [2021-05-19] (Portrait Displays)
Dell Customer Connect -> C:Program FilesWindowsAppsDellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2021-04-08] (Dell Inc)
Dell Digital Delivery -> C:Program FilesWindowsAppsDellInc.DellDigitalDelivery_4.0.90.0_x64__htrsf667h5kn2 [2021-06-18] (Dell Inc)
Dell Mobile Connect 3.3 -> C:Program FilesWindowsAppsScreenovateTechnologies.DellMobileConnect_3.3.9803.0_x64__0vhbc3ng4wbp0 [2021-06-17] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:Program FilesWindowsAppsDellInc.DellPowerManager_3.9.11.0_x64__htrsf667h5kn2 [2021-05-21] (Dell Inc)
Dell SupportAssist for Home PCs -> C:Program FilesWindowsAppsDellInc.DellSupportAssistforPCs_3.10.2.0_x64__htrsf667h5kn2 [2021-07-08] (Dell Inc)
Dell Update -> C:Program FilesWindowsAppsDellInc.DellUpdate_4.2.23.0_x86__htrsf667h5kn2 [2021-05-19] (Dell Inc)
Intel® Graphics Command Center -> C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-06] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:Program FilesWindowsAppsAppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-12-30] (INTEL CORP)
Intel® Optane Memory and Storage Management -> C:Program FilesWindowsAppsAppUp.IntelOptaneMemoryandStorageManagement_18.1.1015.0_x64__8j3eq9eme6ctt [2021-03-14] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-30] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-12-30] (Microsoft Corporation)
My Dell -> C:Program FilesWindowsAppsDellInc.MyDell_1.9.5.0_x64__htrsf667h5kn2 [2021-07-04] (Dell Inc)
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-30] (Microsoft Corporation)
SmartByte -> C:Program FilesWindowsAppsRivetNetworks.SmartByte_3.1.971.0_x64__rh07ty8m5nkag [2021-05-19] (Rivet Networks LLC)
Translator -> C:Program FilesWindowsAppsMicrosoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:Program FilesWindowsAppsWavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-12-30] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-2542476915-2687108608-583963861-1001_ClassesCLSID{0BAD39CB-DD3E-4F21-9156-649B0156C28E}localserver32 -> C:WindowsSystem32DriverStoreFileRepositorywavesapo8de.inf_amd64_f9e3e5f664173b9eWavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:WINDOWSSystem32DriverStoreFileRepositoryiastorpinningcomponent.inf_amd64_e485c119d27c9219OptaneShellExt.dll [2020-09-23] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3x64shellex.dll [2021-04-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3x64shellex.dll [2021-04-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:WINDOWSSystem32DriverStoreFileRepositoryiastorpinningcomponent.inf_amd64_e485c119d27c9219OptaneShellExt.dll [2020-09-23] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3x64shellex.dll [2021-04-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3x64shellex.dll [2021-04-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-12-01 01:14 – 2020-12-01 01:14 – 001638912 _____ (Robert Simpson, et al.) [File not signed] C:Program FilesDellSupportAssistAgentbinx64SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal50355670.sys => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootNetwork50355670.sys => “”=”Driver”

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKUS-1-5-21-2542476915-2687108608-583963861-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKUS-1-5-21-2542476915-2687108608-583963861-1001SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKUS-1-5-21-2542476915-2687108608-583963861-1001 -> DefaultScope {C3C50A88-71AC-4EA1-B95B-3D5F8A1CDB28} URL =
SearchScopes: HKUS-1-5-21-2542476915-2687108608-583963861-1001 -> {C3C50A88-71AC-4EA1-B95B-3D5F8A1CDB28} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootOffice16OCHelper.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:Program Files (x86)NuancePDF Viewer PlusBinPlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
Toolbar: HKUS-1-5-21-2542476915-2687108608-583963861-1001 -> No Name – {EF293C5A-9F37-49FD-91C4-2B867063FC54} –  No File
Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 – 2019-03-19 00:49 – 000000824 _____ C:WINDOWSsystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKUS-1-5-21-2542476915-2687108608-583963861-1001Control PanelDesktop\Wallpaper -> C:UsersjatkiPicturesspring summer 2020_MG_2830 (2).JPG
DNS Servers: 192.168.1.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM…StartupApprovedRun32: => “IndexSearch”
HKLM…StartupApprovedRun32: => “PaperPort PTD”
HKLM…StartupApprovedRun32: => “PDF5 Registry Controller”
HKLM…StartupApprovedRun32: => “PDFHook”
HKUS-1-5-21-2542476915-2687108608-583963861-1001…StartupApprovedRun: => “OneDrive”
HKUS-1-5-21-2542476915-2687108608-583963861-1001…StartupApprovedRun: => “ISUSPM”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8576B764-A90F-47E6-8405-CB616138C614}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{995CE1F0-0495-4AC6-8003-C89BD782EC6A}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{74DCBD8D-17E4-41B5-A3E2-2BD3B8D5B53A}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{84F90888-B6F2-44C7-BC6A-CFEA3AAA9CEC}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3B90655-B097-42D9-B5D2-DC67074D5756}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{483E6635-66EC-46CE-A89A-3911035FC70F}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0A983E81-3302-4300-8F1F-65775D6999CB}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7E28EA41-CF29-4A0D-8129-95AAB38421BD}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CBEC6092-BE00-450F-A956-C6DE57180B47}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2A6B0572-C4EC-4590-9FAF-7604984DB972}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{992CC53E-DFF9-473A-93E5-DE8F5429A8A2}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{114873AD-A68C-4D2C-86DE-1C318A55741B}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7996016E-EFD2-4409-A32A-58E7EDC60121}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EBB19985-6CDD-40CD-BAF0-FC7CE6790B0F}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FA6967D5-82D6-465E-AEC0-0618D73DD823}] => (Allow) C:Program FilesWindowsAppsScreenovateTechnologies.DellMobileConnect_3.3.9803.0_x64__0vhbc3ng4wbp0appDellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{0BA89145-45AB-4540-8AF1-A124E1454D21}] => (Allow) C:Program FilesWindowsAppsScreenovateTechnologies.DellMobileConnect_3.3.9803.0_x64__0vhbc3ng4wbp0appDellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{123E097B-39F8-4F9A-94D2-AD68A9598E01}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F8C2184-8444-4778-9B68-18F0962B007E}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5EC8182B-D62C-41EC-AE6C-33F7F2830B36}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9A97620A-337E-409B-97D2-269ABCA1DB2A}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{515D5B36-4D23-421E-B268-96BC169DE5D5}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

17-07-2021 18:44:23 Windows Modules Installer
18-07-2021 13:34:42 Windows Modules Installer
18-07-2021 16:27:59 Revo Uninstaller’s restore point – Opera Stable 77.0.4054.254
18-07-2021 16:55:38 Revo Uninstaller’s restore point – Spybot – Search & Destroy
19-07-2021 09:37:13 Windows Modules Installer
19-07-2021 13:14:31 Checkpoint by HitmanPro
19-07-2021 13:51:08 Revo Uninstaller’s restore point – SUPERAntiSpyware
19-07-2021 13:54:09 Revo Uninstaller’s restore point – Sophos Virus Removal Tool
19-07-2021 13:55:44 Removed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2021 01:55:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (07/19/2021 01:55:12 PM) (Source: MsiInstaller) (EventID: 11606) (User: SIBORG)
Description: Product: Sophos Virus Removal Tool — Error 1606.Could not access network location data.

Error: (07/19/2021 01:55:10 PM) (Source: MsiInstaller) (EventID: 11606) (User: SIBORG)
Description: Product: Sophos Virus Removal Tool — Error 1606.Could not access network location data.

Error: (07/19/2021 01:54:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: SIBORG)
Description: Product: Sophos Virus Removal Tool — Error 1606.Could not access network location data.

Error: (07/19/2021 01:54:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (07/19/2021 01:51:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2bf8740c-e1e4-4d3b-944e-016efaae6c47}

Error: (07/19/2021 09:41:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.19041.906, time stamp: 0x01b4b287
Faulting module name: ntdll.dll, version: 10.0.19041.964, time stamp: 0xbd2c3c23
Exception code: 0xc0000005
Fault offset: 0x0000000000063416
Faulting process id: 0x1d18
Faulting application start time: 0x01d77ca32d98665b
Faulting application path: C:WINDOWSsystem32wuauclt.exe
Faulting module path: C:WINDOWSSYSTEM32ntdll.dll
Report Id: 7b97ca21-c9d9-4f68-8d85-8f6937c2ffde
Faulting package full name:
Faulting package-relative application ID:

Error: (07/18/2021 04:28:19 PM) (Source: Firefox) (EventID: 5) (User: )
Description: Event-ID 5

System errors:
=============
Error: (07/19/2021 02:04:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/19/2021 02:00:42 PM) (Source: DCOM) (EventID: 10000) (User: SIBORG)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
“2147942767”
Happened while starting this command:
C:WINDOWSsystem32DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/19/2021 10:00:07 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/19/2021 09:41:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007000d: 2021-07 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5004237).

Error: (07/18/2021 04:26:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot Security Center Integration Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (07/18/2021 04:26:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot Security Center Integration Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (07/18/2021 04:23:01 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service SecurityHealthService with arguments “Unavailable” in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (07/18/2021 04:20:06 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Windows Defender:
================
Date: 2020-12-04 13:55:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.17700.4
Previous Engine Version: 1.1.16600.7
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2021-07-19 15:05:21
Description:
Code Integrity determined that a process (DeviceHarddiskVolume3WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume3Program Files (x86)Kaspersky LabKaspersky Internet Security 21.3x64antimalware_provider.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.13.0 11/13/2020
Motherboard: Dell Inc. 0FHJFF
Processor: Intel® Core™ i5-1035G1 CPU @ 1.00GHz
Percentage of memory in use: 52%
Total physical RAM: 7959.47 MB
Available physical RAM: 3755.1 MB
Total Virtual: 17175.47 MB
Available Virtual: 12672.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.89 GB) (Free:313.64 GB) NTFS

\?Volume{b5be1aa2-d6a0-4ce8-8926-83099e3c814d} (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.28 GB) NTFS
\?Volume{7130a2dd-3d71-4673-bca4-41872cfe602a} (Image) (Fixed) (Total:11.99 GB) (Free:0.14 GB) NTFS
\?Volume{45f91525-11a2-4f12-b132-6a0a6e709610} (DELLSUPPORT) (Fixed) (Total:1.22 GB) (Free:0.29 GB) NTFS
\?Volume{a4a48aa4-be5b-4898-bd68-e1a5de367fd9} (ESP) (Fixed) (Total:0.73 GB) (Free:0.65 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: C9327C28)

Partition: GPT.

==================== End of Addition.txt =======================