Edited by yoon_777, 25 November 2021 - 11:18 PM.
Posted 25 November 2021 - 11:17 PM
Posted 26 November 2021 - 02:25 PM
> I am still having tough negotiations for a USB deal with fellow constituents... At this time...
What does that mean? Why not just buy one? It's just a couple of bucks.
Accidents don't just happen. They must be carelessly planned.
Dell Latitude 7380, Win 10 Pro, 8GB, BunsenLabs Linux, Antix Linux, Kali Linux
Posted 02 December 2021 - 02:24 PM
> No, no... never mind what "had to be" done in the past. That's not what I was asking. I specifically asked you to clarify your statements with today's technology in mind, not what existed 20 or 30 years ago. Rather than try to disguise a blurb about what you personally encountered decades ago as an answer to my queries, could you have another go at addressing the actual questions I asked? I'm very keen on learning from your apparently vast bank of knowledge. Thanks. I'll wait. Cheers.
Why certainly
Based on the information given, there is no known solution to the problem at hand with modern hardware
If you (or I) guess the correct solution, or fix the problem by accident, I would be happy to admit that the facts alone did not supply an answer to the current situation
Now, I'll just sit back and learn from your clearly superior knowledge
Sound good?
https://www.bleepingcomputer.com/forums/t/763192/possible-botnet/page-2
Posted 02 December 2021 - 02:29 PM
Andrew Leniart - IT Professional / Freelance Journalist
Helping others, to help themselves for 20+ Years
Links to all my Articles & Tutorials can be found at this link (Contains no Ads or Nags)
Follow Me on: LinkedIn / Facebook
Posted 02 December 2021 - 03:53 PM
I think I'm done with this. You've been advised by one of the most experienced malware experts on the net that it's not a malware issue. You're not listening, not answering questions, and just wasting everyone's time, including your own. Suggest you take your computer to a shop. I don't think you have much chance making any progress on these forums.
Posted 02 December 2021 - 04:22 PM
Test for permission to post issue on another thread?
EDIT: Well, issue just on one thread, strange?
Edited by Wolverine 7, 02 December 2021 - 04:23 PM.
Posted 04 December 2021 - 01:54 PM
Hi,
1. Hello, I am using Edge. When I used Firefox and Chrome, I had so many performance and windows constantly being manipulated.
[ ... ]
2. There is no full scan option from the Malwarebytes.
[ ... ]
3. From the 2 website link Malwarebytes and HouseCall - Free Online Virus Scan, the download message says "could harm your device" according to the web browser. Both were not able to complete the download after I bypassed it.
4. The quick actions sidebar indicates several pinned folders (system32 folder among other windows os folders) and re-pinned after a short while.
5. The router address is unsecured as well (10.0.0.1).
6. Cisco Wireless Gateway: DPC3941T
1. Firstly, in so far as your question about web browsers, I'd suggest giving the Brave web browser a try. It's very similar to Chrome in the way it's used, but is considerably more secure than Chrome with a default out of the box installation compared to Google Chrome. I compared the two in an article I wrote here that you may like to look at: Brave Browser - Better than Google Chrome?
2. Full scanning is available. See below for instructions.
Open Malwarebytes and click the Scanner box - Not the Scan button. A new window will open.
Click Advanced Scanners below the Scan button
Click the Configure scan button under "Custom Scan"
Now on the "Configure Custom Scan" window, ensure Scan for rootkits is checked, select your System Drive letter which is typically C: as well as any other drives you wish to include in your scan. I'd suggest you select all available drive letters on your system. That will make the scan take much longer, however given the information you've provided, it's well worth the exercise. Finally, click the Scan button to begin the scan.
Let me know what, if anything, Malwarebytes detected this time.
3. As already suggested by others, please use a different browser other than Microsoft Edge to perform an online scan using Housecall.
4. Your System32 folder shouldn't be pinned anywhere (let alone re-pinned after manually unpinning it) so that on its own suggests to me that your system has been compromised in some way.
5. Any connection to a gateway router should "never" be unsecured. Strongly suggest you rectify that using the next step.
6. You are fortunate in that the user manual for your DPC3941T router should be available at this link. Go through it to secure your gateway router properly.
In particular and at a minimum, if the Username and Password for the router are still set to defaults, change the password immediately.
The same goes for your Wireless Network settings. Start at Page Number 47 to configure a Private WiFi Network using WPAWPA2-PSK (TKIP/AES) as the encryption method. That appears to be the strongest encryption your router supports. If that causes problems for some of your wireless devices, you may need to change to a lower encryption method, however, under no circumstances should "Open" or "WEP" encryption be used. Use the strongest encryption that will work for your wireless devices. Most modern devices should be able to connect just fine with the one I've suggested. Refer to Page Number 51 (Security Mode) in the above linked manual for further details.
Note: If changes are made to the above settings, all of your existing wireless devices will need to be disconnected and reconnected to your home wireless network again. That's a good thing, because it will also force anyone who may have gained access to your network out as well.
As shown on Page Number 49 in the manual, check both the Wifi Control List and Auto Learned WiFi Devices for any connections that you do not recognise and should not be there. If your network has been compromised via WiFi, then the culprit's MAC Address should also be visible there. I've not configured this router before personally, so I'm unsure how easily identifiable the list of devices will be.
You can take a snapshot of those screens for us to look at if you want, but be sure to obscure (do not leave visible) the MAC addresses of your devices in any reply. Never share the MAC addresses of any device you own.
Having said all of the above, for additional help to ensure you are no longer compromised, I would strongly recommend opening a new topic in the Virus, Trojan, Spyware, and Malware Removal Help forum here. This time, stay with the helper and be sure to respond to any questions and follow any instructions until the matter is resolved. I am by no means a security 'expert', so you are far better off dealing with the security expert members of this forum to further assist in dealing with any infections or compromises that an antivirus or malware scanner may not be detecting.
Hope you find this helpful.
Regards, Andrew
Housecall Couldn't detect anything - even before clean install...
Posted 04 December 2021 - 02:05 PM
yoon, you don't need to quote all that stuff, please go back and edit it by clicking edit at the bottom of the post, highlight all or most of that quote and Backspace or Delete it.
If I don't reply right away it's because I'm waiting for Windows 10 to Update.
eps1.0_hellofriend.mov_mr_robot
Posted 04 December 2021 - 02:18 PM
> Housecall Couldn't detect anything - even before clean install...
So both the Malwarebytes 'custom scan' along with Housecall were both unable to detect an infection?
In that case, you should be in pretty good shape, though that would have been the case much sooner had you just followed the advice when I initially gave it to you in Post #8.
And yes, as per pcpunk's request in Post #128 above, please do try to make the small effort needed to quote sensibly.
Now, please post a link to another new "Speccy" and "MiniToolBox" report as detailed by pcpunk's message in Post #50 so that we can see what the state of your system is now after what you've done.
Once we've seen that, we'll tell you what to do next.
Thanks, Andrew
Edited by achzone, 04 December 2021 - 02:30 PM.
Posted 04 December 2021 - 07:57 PM
Nice to hear from you again. Below is the result from MiniToolBox.
MiniToolBox by Farbar Version: 17-06-2016
Ran by Administrator (administrator) on 04-12-2021 at 16:52:33
Running from "C:\Users\Administrator\Downloads"
Microsoft Windows 11 Home (X64)
Model: HP Slim Desktop 290-p0xxx Manufacturer: HP
Boot Mode: Normal
***************************************************************************
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/04/2021 11:30:30 AM) (Source: Firefox Default Browser Agent) (User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/04/2021 11:30:30 AM) (Source: Firefox Default Browser Agent) (User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/03/2021 06:14:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/03/2021 11:30:29 AM) (Source: Firefox Default Browser Agent) (User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/03/2021 11:30:29 AM) (Source: Firefox Default Browser Agent) (User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/02/2021 04:45:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.22000.132, time stamp: 0xdd210a66
Faulting module name: Windows.UI.QuickActions.dll, version: 10.0.22000.348, time stamp: 0x6bfd3a05
Exception code: 0x80000003
Fault offset: 0x00000000000431d1
Faulting process id: 0x15a8
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
Error: (12/02/2021 12:08:50 PM) (Source: Firefox Default Browser Agent) (User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/02/2021 12:08:50 PM) (Source: Firefox Default Browser Agent) (User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/02/2021 11:08:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.22000.132, time stamp: 0xdd210a66
Faulting module name: Windows.UI.QuickActions.dll, version: 10.0.22000.348, time stamp: 0x6bfd3a05
Exception code: 0x80000003
Fault offset: 0x00000000000431d1
Faulting process id: 0x2f04
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
Error: (12/01/2021 07:48:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.22000.348, time stamp: 0x27a6d211
Faulting module name: SystemSettingsViewModel.Desktop.dll, version: 10.0.22000.348, time stamp: 0x856f60b0
Exception code: 0xc0000409
Fault offset: 0x00000000000d43e0
Faulting process id: 0x2dc4
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5
System errors:
=============
Error: (12/04/2021 02:31:43 PM) (Source: DCOM) (User: BRIF8BGPLD8U3)
Description: 1068cdpsvcUnavailable{284CACFE-B6F2-461A-90C3-A7ACC8353816}
Error: (12/04/2021 02:31:43 PM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service depends on the Network Connection Broker service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/04/2021 02:31:41 PM) (Source: DCOM) (User: BRIF8BGPLD8U3)
Description: 1068cdpsvcUnavailable{284CACFE-B6F2-461A-90C3-A7ACC8353816}
Error: (12/04/2021 02:31:41 PM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service depends on the Network Connection Broker service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/04/2021 09:35:32 AM) (Source: DCOM) (User: BRIF8BGPLD8U3)
Description: 1068cdpsvcUnavailable{F94358B1-E9AE-4D5C-AF66-CE50E67803C7}
Error: (12/04/2021 09:35:32 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service depends on the Network Connection Broker service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/04/2021 09:35:31 AM) (Source: DCOM) (User: BRIF8BGPLD8U3)
Description: 1068cdpsvcUnavailable{F94358B1-E9AE-4D5C-AF66-CE50E67803C7}
Error: (12/04/2021 09:35:31 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service depends on the Network Connection Broker service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/04/2021 09:35:30 AM) (Source: DCOM) (User: BRIF8BGPLD8U3)
Description: 1068cdpsvcUnavailable{F94358B1-E9AE-4D5C-AF66-CE50E67803C7}
Error: (12/04/2021 09:35:30 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service depends on the Network Connection Broker service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Microsoft Office Sessions:
=========================
Error: (12/04/2021 11:30:30 AM) (Source: Firefox Default Browser Agent)(User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/04/2021 11:30:30 AM) (Source: Firefox Default Browser Agent)(User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/03/2021 06:14:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Administrator\Downloads\sigcheck64a.exe
Error: (12/03/2021 11:30:29 AM) (Source: Firefox Default Browser Agent)(User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/03/2021 11:30:29 AM) (Source: Firefox Default Browser Agent)(User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/02/2021 04:45:42 PM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.22000.132dd210a66Windows.UI.QuickActions.dll10.0.22000.3486bfd3a058000000300000000000431d115a801d7e7df0667ab07C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.QuickActions.dllb194a89b-d24e-40b8-9adb-f64f793f8ab6Microsoft.Windows.ShellExperienceHost_10.0.22000.71_neutral_neutral_cw5n1h2txyewyApp
Error: (12/02/2021 12:08:50 PM) (Source: Firefox Default Browser Agent)(User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/02/2021 12:08:50 PM) (Source: Firefox Default Browser Agent)(User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/02/2021 11:08:29 AM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.22000.132dd210a66Windows.UI.QuickActions.dll10.0.22000.3486bfd3a058000000300000000000431d12f0401d7e7afec0abc1aC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.QuickActions.dlleec2cbc6-388d-4ac2-b0a9-c20f1254b8caMicrosoft.Windows.ShellExperienceHost_10.0.22000.71_neutral_neutral_cw5n1h2txyewyApp
Error: (12/01/2021 07:48:11 PM) (Source: Application Error)(User: )
Description: SystemSettings.exe10.0.22000.34827a6d211SystemSettingsViewModel.Desktop.dll10.0.22000.348856f60b0c000040900000000000d43e02dc401d7e72a66d8ec7cC:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dlla9e1ba91-997d-45fd-81f0-0732b821fe15windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
CodeIntegrity Errors:
===================================
=========================== Installed Programs ============================
Audacity 3.1.2 (HKLM\...\Audacity_is1) (Version: 3.1.2 - Audacity Team)
ClamWin Free Antivirus 0.103.2.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.369 - SecureMix LLC)
HouseCall for Home Networks (HKLM\...\DRScanner) (Version: 5.3.1285 - Trend Micro Inc.)
HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{FF81F9EB-61C1-48A4-8EE5-45C5D61BC0E0}) (Version: 12.19.53.13 - HP Inc.)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.153.53 - )
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2FA9DAAC-895B-4E99-99D9-DC2965FBE79C}) (Version: 2.87.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.2 (x64 en-US)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
Sophos AMSI Protection (HKLM\...\{0EA5323F-DE1B-480C-911E-7827E5EA20E9}) (Version: 1.6.50.0 - Sophos Limited) Hidden
Sophos Anti-Virus (HKLM-x32\...\{31616A98-3852-49E9-BDD6-77A1AB85571A}) (Version: 10.8.10.810 - Sophos Limited) Hidden
Sophos AutoUpdate XG (HKLM-x32\...\{1FBBCD17-2403-4794-B2A8-A3ADDD3B0AF8}) (Version: 6.6.144.0 - Sophos Limited) Hidden
Sophos Clean (HKLM\...\Sophos Clean) (Version: 3.9.4.1 - Sophos Limited) Hidden
Sophos Diagnostic Utility (HKLM-x32\...\{8078549C-CFF0-48C5-9B77-6BA48A14673D}) (Version: 6.5.238.0 - Sophos Limited) Hidden
Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 2.2.6.735 - Sophos Limited) Hidden
Sophos Exploit Prevention (HKLM\...\{866151B2-E14E-40E0-B6D9-64B1D428F5CB}) (Version: 3.8.1.504 - Sophos Limited) Hidden
Sophos File Scanner (HKLM\...\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}) (Version: 1.7.952.0 - Sophos Limited) Hidden
Sophos Health (HKLM-x32\...\{5E8436D5-3688-4007-94C7-55D017275F89}) (Version: 2.6.2.0 - Sophos Limited) Hidden
Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 3.5.0 - Sophos Limited)
Sophos Home (HKLM-x32\...\{6870B81A-B36A-4B63-8605-4DF5CE2D7BC4}) (Version: 5.1.87.0 - Sophos Limited) Hidden
Sophos Home Clean (HKLM\...\Sophos Home Clean) (Version: 3.7.21.247 - Sophos Limited) Hidden
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.13.16.0 - Sophos Limited) Hidden
Sophos ML Engine (HKLM\...\Sophos ML Engine) (Version: 1.7.0.41 - Sophos Limited) Hidden
Sophos Network Threat Protection (HKLM\...\{2D2A1891-4657-4E6F-9373-BFCE4C9AC5BA}) (Version: 1.11.194.0 - Sophos Limited) Hidden
Sophos Standalone Engine (HKLM\...\Sophos Standalone Engine) (Version: 1.6.9 - Sophos Limited) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
========================= Devices: ================================
Name: Intel® Dynamic Application Loader Host Interface
Description: Intel® Dynamic Application Loader Host Interface
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Device ID: SWD\DRIVERENUM\{BABE2782-EB1B-46A7-871A-F043D3200542}#OEM_DAL_COMPONENT&4&3156F9FE&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\PRINTQUEUES
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_843F103C&REV_15\01000000684CE00000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Device ID: SWD\DRIVERENUM\{D6711452-0DD6-4AEB-A58E-803DBA73BF69}#XTUCOMPONENT&3&1B9340FB&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® iCLS Client
Description: Intel® iCLS Client
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Device ID: SWD\DRIVERENUM\{BABE2782-EB1B-46A7-871A-F043D3200542}#OEM_ICLS_COMPONENT&4&3156F9FE&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Device ID: SWD\DRIVERENUM\{D6711452-0DD6-4AEB-A58E-803DBA73BF69}#XTUCOMPONENT&3&8D99056&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® Dynamic Application Loader Host Interface
Description: Intel® Dynamic Application Loader Host Interface
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Device ID: SWD\DRIVERENUM\OEM_DAL_COMPONENT&4&3156F9FE&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Device ID: SWD\DRIVERENUM\{D6711452-0DD6-4AEB-A58E-803DBA73BF69}#XTUCOMPONENT&3&1F00F913&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® iCLS Client
Description: Intel® iCLS Client
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Device ID: SWD\DRIVERENUM\OEM_ICLS_COMPONENT&4&3156F9FE&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Device ID: SWD\DRIVERENUM\{D6711452-0DD6-4AEB-A58E-803DBA73BF69}#XTUCOMPONENT&3&31BAA9B8&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
========================= Memory info: ===================================
Percentage of memory in use: 66%
Total physical RAM: 7985.94 MB
Available physical RAM: 2668.45 MB
Total Virtual: 9879.94 MB
Available Virtual: 3319.11 MB
========================= Partitions: =====================================
1 Drive c: (WINDOWS) (Fixed) (Total:915.52 GB) (Free:877.28 GB) NTFS
2 Drive d: (BUILDPART) (Fixed) (Total:0.5 GB) (Free:0.07 GB) FAT32
3 Drive e: (RECOVERY) (Fixed) (Total:14.26 GB) (Free:2.04 GB) NTFS
========================= Users: ========================================
User accounts for \\BRIF8BGPLD8U3
Administrator DefaultAccount Guest
WDAGUtilityAccount
**** End of log ****
==========================================================================================================================================
Speccy Profile
http://speccy.piriform.com/results/XfXJxrPmzAgmwbiFsQydNr7
Error: (12/04/2021 11:30:30 AM) (Source: Firefox Default Browser Agent)(User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/04/2021 11:30:30 AM) (Source: Firefox Default Browser Agent)(User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/03/2021 06:14:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Administrator\Downloads\sigcheck64a.exe
Error: (12/03/2021 11:30:29 AM) (Source: Firefox Default Browser Agent)(User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/03/2021 11:30:29 AM) (Source: Firefox Default Browser Agent)(User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/02/2021 04:45:42 PM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.22000.132dd210a66Windows.UI.QuickActions.dll10.0.22000.3486bfd3a058000000300000000000431d115a801d7e7df0667ab07C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.QuickActions.dllb194a89b-d24e-40b8-9adb-f64f793f8ab6Microsoft.Windows.ShellExperienceHost_10.0.22000.71_neutral_neutral_cw5n1h2txyewyApp
Error: (12/02/2021 12:08:50 PM) (Source: Firefox Default Browser Agent)(User: )
Description: 0x80072EFD in IsAgentRemoteDisabledInternal:68
Error: (12/02/2021 12:08:50 PM) (Source: Firefox Default Browser Agent)(User: )
Description: ERROR - Error::WindowsError(12029) (HRESULT: 0x80072efd)
Error: (12/02/2021 11:08:29 AM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.22000.132dd210a66Windows.UI.QuickActions.dll10.0.22000.3486bfd3a058000000300000000000431d12f0401d7e7afec0abc1aC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.QuickActions.dlleec2cbc6-388d-4ac2-b0a9-c20f1254b8caMicrosoft.Windows.ShellExperienceHost_10.0.22000.71_neutral_neutral_cw5n1h2txyewyApp
Error: (12/01/2021 07:48:11 PM) (Source: Application Error)(User: )
Description: SystemSettings.exe10.0.22000.34827a6d211SystemSettingsViewModel.Desktop.dll10.0.22000.348856f60b0c000040900000000000d43e02dc401d7e72a66d8ec7cC:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dlla9e1ba91-997d-45fd-81f0-0732b821fe15windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
CodeIntegrity Errors:
===================================
=========================== Installed Programs ============================
Audacity 3.1.2 (HKLM\...\Audacity_is1) (Version: 3.1.2 - Audacity Team)
ClamWin Free Antivirus 0.103.2.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.369 - SecureMix LLC)
HouseCall for Home Networks (HKLM\...\DRScanner) (Version: 5.3.1285 - Trend Micro Inc.)
HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{FF81F9EB-61C1-48A4-8EE5-45C5D61BC0E0}) (Version: 12.19.53.13 - HP Inc.)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.153.53 - )
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2FA9DAAC-895B-4E99-99D9-DC2965FBE79C}) (Version: 2.87.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.2 (x64 en-US)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
Sophos AMSI Protection (HKLM\...\{0EA5323F-DE1B-480C-911E-7827E5EA20E9}) (Version: 1.6.50.0 - Sophos Limited) Hidden
Sophos Anti-Virus (HKLM-x32\...\{31616A98-3852-49E9-BDD6-77A1AB85571A}) (Version: 10.8.10.810 - Sophos Limited) Hidden
Sophos AutoUpdate XG (HKLM-x32\...\{1FBBCD17-2403-4794-B2A8-A3ADDD3B0AF8}) (Version: 6.6.144.0 - Sophos Limited) Hidden
Sophos Clean (HKLM\...\Sophos Clean) (Version: 3.9.4.1 - Sophos Limited) Hidden
Sophos Diagnostic Utility (HKLM-x32\...\{8078549C-CFF0-48C5-9B77-6BA48A14673D}) (Version: 6.5.238.0 - Sophos Limited) Hidden
Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 2.2.6.735 - Sophos Limited) Hidden
Sophos Exploit Prevention (HKLM\...\{866151B2-E14E-40E0-B6D9-64B1D428F5CB}) (Version: 3.8.1.504 - Sophos Limited) Hidden
Sophos File Scanner (HKLM\...\{CD39E739-F480-4AC4-B0C9-68CA731D8AC6}) (Version: 1.7.952.0 - Sophos Limited) Hidden
Sophos Health (HKLM-x32\...\{5E8436D5-3688-4007-94C7-55D017275F89}) (Version: 2.6.2.0 - Sophos Limited) Hidden
Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 3.5.0 - Sophos Limited)
Sophos Home (HKLM-x32\...\{6870B81A-B36A-4B63-8605-4DF5CE2D7BC4}) (Version: 5.1.87.0 - Sophos Limited) Hidden
Sophos Home Clean (HKLM\...\Sophos Home Clean) (Version: 3.7.21.247 - Sophos Limited) Hidden
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.13.16.0 - Sophos Limited) Hidden
Sophos ML Engine (HKLM\...\Sophos ML Engine) (Version: 1.7.0.41 - Sophos Limited) Hidden
Sophos Network Threat Protection (HKLM\...\{2D2A1891-4657-4E6F-9373-BFCE4C9AC5BA}) (Version: 1.11.194.0 - Sophos Limited) Hidden
Sophos Standalone Engine (HKLM\...\Sophos Standalone Engine) (Version: 1.6.9 - Sophos Limited) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
========================= Devices: ================================
Name: Intel® Dynamic Application Loader Host Interface
Description: Intel® Dynamic Application Loader Host Interface
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Device ID: SWD\DRIVERENUM\{BABE2782-EB1B-46A7-871A-F043D3200542}#OEM_DAL_COMPONENT&4&3156F9FE&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\PRINTQUEUES
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_843F103C&REV_15\01000000684CE00000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Device ID: SWD\DRIVERENUM\{D6711452-0DD6-4AEB-A58E-803DBA73BF69}#XTUCOMPONENT&3&1B9340FB&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® iCLS Client
Description: Intel® iCLS Client
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Device ID: SWD\DRIVERENUM\{BABE2782-EB1B-46A7-871A-F043D3200542}#OEM_ICLS_COMPONENT&4&3156F9FE&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Device ID: SWD\DRIVERENUM\{D6711452-0DD6-4AEB-A58E-803DBA73BF69}#XTUCOMPONENT&3&8D99056&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® Dynamic Application Loader Host Interface
Description: Intel® Dynamic Application Loader Host Interface
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Device ID: SWD\DRIVERENUM\OEM_DAL_COMPONENT&4&3156F9FE&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Device ID: SWD\DRIVERENUM\{D6711452-0DD6-4AEB-A58E-803DBA73BF69}#XTUCOMPONENT&3&1F00F913&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® iCLS Client
Description: Intel® iCLS Client
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service:
Device ID: SWD\DRIVERENUM\OEM_ICLS_COMPONENT&4&3156F9FE&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® XTU Component Device
Description: Intel® XTU Component Device
Class Guid: {5c4c3332-344d-483c-8739-259e934c9cc8}
Manufacturer: Intel
Service: XTUComponent
Device ID: SWD\DRIVERENUM\{D6711452-0DD6-4AEB-A58E-803DBA73BF69}#XTUCOMPONENT&3&31BAA9B8&0
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
========================= Memory info: ===================================
Percentage of memory in use: 66%
Total physical RAM: 7985.94 MB
Available physical RAM: 2668.45 MB
Total Virtual: 9879.94 MB
Available Virtual: 3319.11 MB
========================= Partitions: =====================================
1 Drive c: (WINDOWS) (Fixed) (Total:915.52 GB) (Free:877.28 GB) NTFS
2 Drive d: (BUILDPART) (Fixed) (Total:0.5 GB) (Free:0.07 GB) FAT32
3 Drive e: (RECOVERY) (Fixed) (Total:14.26 GB) (Free:2.04 GB) NTFS
========================= Users: ========================================
User accounts for \\BRIF8BGPLD8U3
Administrator DefaultAccount Guest
WDAGUtilityAccount
**** End of log ****
Edited by yoon_777, 04 December 2021 - 09:28 PM.
Posted 04 December 2021 - 08:55 PM
yoon_777.
Your MiniToolBox and Speccy reports show that a proper clean install was still not performed on your system. That's evidenced by the continued existence of the three hidden partitions shown by the Speccy report.
A clean install requires the deletion of all partitions on a hard drive and then creating a new single partition as detailed by the instructions detailed in Wolverine's first link that he gave you in Post #72 here.
As I also said in the following Post #73, with your machine's symptoms, it is no longer just "recommended" to delete all partitions and volumes, but a mandatory step. That must be done. Skipping the step leaves you open to allowing an infection to remain because a "proper disk wipe" would not have been performed.
You have missed this part of the instructions from Wolverine's post.
How to Clean Install Windows 10.
https://www.tenforums.com/tutorials/1950-clean-install-windows-10-a.html
Drive options (advanced)
(It is recommended to delete all partitions/volumes on the disk until the disk shows as one "Unallocated" space for best results.)
If you only have one partition for a Drive # (hard drive) listed that you wanted to install Windows on, then select the disk # and click on the Delete option if not grayed out to make it unallocated space.
If you have more than one partition for a Drive # (hard drive) listed and want to install Windows on only one of the partitions and keep the other partitions with that disk #, then only select the partition that you want to install Windows on the Format option.
If you have more than one partition for a Drive # (hard drive) listed and want to get rid of all of them to make that disk # one single partition drive again, then select a partition with that disk # and click on the Delete option for each partition with the same Drive # until there is only one "unallocated space" with that Drive # left as in the screenshot below.
To shrink an existing partition to create another partition to install Windows on instead, select the partition that you want to shrink and click on the Extend option. Type in how much in MB (1 GB = 1024 MB) that you want to shrink it by. Now select the new extended partition.
To have the best chance of eliminating all possible sources of an infection remaining, I would recommend you start again and follow the procedure detailed above. It's very important for you to carefully follow "all" instructions you are given else you'll just end up going around in circles.
Proceeding any further with your machine is not advisable until the above has been done. Let me know once it has.
Cheers, Andrew
Edited by achzone, 04 December 2021 - 09:01 PM.