secureworks redcloak high cpu

Ravi,are you suggestingrunning applications "in pairs" to see if there are interactions that are different in one pair or another? 2019-06-03 22:21:30, Info CSI 000029e1 [SR] Verify complete 2019-06-03 22:23:56, Info CSI 00003468 [SR] Beginning Verify and Repair transaction Using Roguekiller before contacting Bleeping computer, performance improved to 9.6MBps, including a bit faster access times after booting. 2019-06-03 22:18:41, Info CSI 00001fd2 [SR] Verifying 100 components 2019-05-31 08:59:31, Info CSI 00000018 [SR] Verifying 1 components This agent version also allowed logging level changes without restarting. Download speed not only fixed but faster than it was before. 2019-06-03 22:14:55, Info CSI 0000126b [SR] Verify complete 2019-06-03 22:26:31, Info CSI 00003f31 [SR] Verifying 100 components We have been really unhappy with their responses and in general any guidance on security . 2019-06-03 22:24:23, Info CSI 00003677 [SR] Beginning Verify and Repair transaction 2019-06-03 22:11:57, Info CSI 000009bd [SR] Verifying 100 components I explored a lot of possible issues but none resolved the problem so I reinstalled Win 7 on Friday, January 16. 2019-06-03 22:21:23, Info CSI 00002971 [SR] Verifying 100 components 2019-06-03 22:16:30, Info CSI 0000188d [SR] Beginning Verify and Repair transaction Uh oh, what happened? ), (If an entry is included in the fixlist, only the ADS will be removed. . 2019-06-03 22:16:07, Info CSI 000016b9 [SR] Verify complete 2019-06-03 22:27:32, Info CSI 0000430e [SR] Beginning Verify and Repair transaction 2019-06-03 22:11:02, Info CSI 00000752 [SR] Verifying 100 components 2019-05-31 08:59:27, Info CSI 0000000f [SR] Beginning Verify and Repair transaction Need to generate a certificate? Task manager reads 4% cpu, 26% memory and 0% disk. 2019-06-03 22:17:05, Info CSI 00001ac3 [SR] Verify complete 2019-06-03 22:16:14, Info CSI 00001728 [SR] Beginning Verify and Repair transaction 2019-06-03 22:23:16, Info CSI 0000311e [SR] Verifying 100 components 2019-06-03 22:23:21, Info CSI 00003186 [SR] Verify complete 2019-06-03 22:19:19, Info CSI 0000225d [SR] Verifying 100 components very short, lack of details. Take note, I have found the "antimalwareservice executable" to be using the disk at 100%. 2019-06-03 22:21:47, Info CSI 00002b24 [SR] Verify complete We have a keycloak HA setup with 3 pods running in kubernetes environment. Description. These risks and uncertainties include, but are not limited to, competitive uncertainties and general economic and business conditions in Secureworks' markets as well as the other risks and uncertainties that are described in Secureworks' periodic reports and other filings with the Securities and Exchange Commission, which are available for review through the Securities and Exchange Commission's website at www.sec.gov. We generate around 2 billion events each month. 2019-06-03 22:14:55, Info CSI 0000126c [SR] Verifying 100 components This may take some time. 2019-06-03 22:17:33, Info CSI 00001c29 [SR] Verify complete 2019-06-03 22:17:22, Info CSI 00001bbd [SR] Beginning Verify and Repair transaction Since then I have replaced that computer. ), 2017-09-29 06:46 - 2017-09-29 06:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts, (Currently there is no automatic fix for this section. ), (If needed Hosts: directive could be included in the fixlist to reset Hosts. High CPU usage on machines with Deep Security Agent - Trend Micro 2019-06-03 22:24:12, Info CSI 000035a7 [SR] Beginning Verify and Repair transaction 2019-06-03 22:20:05, Info CSI 0000255d [SR] Verify complete NOTE: The 100% disk usage came back after 2 minutes but died back to 0% again. 2019-06-03 22:10:51, Info CSI 000006ea [SR] Verifying 100 components 2019-06-03 22:10:45, Info CSI 00000684 [SR] Beginning Verify and Repair transaction 2019-06-03 22:23:21, Info CSI 00003187 [SR] Verifying 100 components . SFC will begin scanning your system for damaged system files. 2019-06-03 22:25:56, Info CSI 00003ccc [SR] Verifying 100 components Secureworks Taegis ManagedXDR Overview. Secureworks Taegis ManagedXDR Reviews - PeerSpot 2019-06-03 22:28:12, Info CSI 00004583 [SR] Verify complete 2019-06-03 22:25:56, Info CSI 00003ccd [SR] Beginning Verify and Repair transaction 2019-06-03 22:20:42, Info CSI 00002743 [SR] Verify complete 2019-06-03 22:15:36, Info CSI 000014fc [SR] Verifying 100 components If an entry is included in the fixlist, it will be removed. 2019-06-03 22:21:54, Info CSI 00002b8f [SR] Beginning Verify and Repair transaction 2019-06-03 22:20:42, Info CSI 00002744 [SR] Verifying 100 components ), Task: {0A162AAB-1FD9-45E0-87A3-129B1C2458D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe [470952 2019-02-22] (Microsoft Corporation -> Microsoft Corporation), (If an entry is included in the fixlist, the task (.job) file will be moved. Dad, CISSP/CISM/CISA, accused SME, wannabe foodie, wine, hockey, golf, music, travels. 2019-06-03 22:16:02, Info CSI 0000164f [SR] Verifying 100 components 2019-06-03 22:12:20, Info CSI 00000b09 [SR] Beginning Verify and Repair transaction 2019-06-03 22:12:02, Info CSI 00000a24 [SR] Verifying 100 components 2019-06-03 22:26:17, Info CSI 00003e08 [SR] Verifying 100 components 2019-06-03 22:10:26, Info CSI 000004e3 [SR] Verifying 100 components Exponentially Safer., Secureworks Contact We are trying to analyze if there is any conflict between application and the operating system so that we can check and reinstall the specific application on the system. ), HKLM\\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor), ==================== Scheduled Tasks (Whitelisted) =============, (If an entry is included in the fixlist, it will be removed from the registry. (MTB.txt). 2019-06-03 22:16:14, Info CSI 00001727 [SR] Verifying 100 components 2019-06-03 22:19:57, Info CSI 000024ef [SR] Beginning Verify and Repair transaction Disable one module at a time and start the Red Cloak . 2019-06-03 22:17:13, Info CSI 00001b3d [SR] Verifying 100 components TDR is differentiated by expert threat intelligence, expanded through ongoing incident response experience, and enabled via relevant telemetry from a variety of network, endpoint, cloud, and business systems across Secureworks' entire global customer base. Knowledge gained from more than 1,000 incident response engagements per year informs the continuously updated threat intelligence and analytics used to recognize malicious activity. Nothing changes in its behavior except more information in log files, and faster file growth is expected because of this. 2019-06-03 22:11:32, Info CSI 0000081f [SR] Verify complete 2019-06-03 22:22:35, Info CSI 00002ddf [SR] Verify complete Lulus Lavender Floral Dress, Nature's Way Garden Veggies, Purses On Sale Near Malaysia, Photo Graduation Thank You Cards, Skechers Joggers Ladies, Defender Sweet Itch Combo, Good Vibes Only Neon Sign Purple, 2012 Nissan Altima Oil Filter Wix, Does R6 Have Quickshifter, 2002 Honda Accord Glove Box Removal, 2019-06-03 22:10:45, Info CSI 00000682 [SR] Verify complete 2019-06-03 22:20:25, Info CSI 0000266c [SR] Beginning Verify and Repair transaction Secureworks: Cybersecurity Leader, Proven Threat Defense | Secureworks 2019-06-03 22:26:03, Info CSI 00003d35 [SR] Verifying 100 components limits: INSANE (61%?!) "The actionable insights generated by Red Cloak TDR will now be available to organizations who want software-enabled hunting, detection and response capabilities, but also prefer the turnkey support of an experienced provider," said Wendy Thomas, chief product officer of Secureworks. 2019-06-03 22:23:42, Info CSI 0000332a [SR] Beginning Verify and Repair transaction 2019-06-03 22:11:11, Info CSI 000007b8 [SR] Verify complete 2019-06-03 22:15:13, Info CSI 000013ab [SR] Verify complete Temp, IE cache, history, cookies, recent: MiniToolBox by Farbar Version: 17-06-2016, ========================= Flush DNS: ===================================, ========================= IE Proxy Settings: ==============================. Simply put, what the hell is going on? 2019-06-03 22:11:57, Info CSI 000009be [SR] Beginning Verify and Repair transaction XDR is differentiated by our advanced analytics (machine learning and deep learning), integrated threat intelligence from decades of experience, and the power of our network effect. 2019-06-03 22:23:56, Info CSI 00003467 [SR] Verifying 100 components 2019-06-03 22:14:48, Info CSI 000011fa [SR] Beginning Verify and Repair transaction 2019-06-03 22:25:37, Info CSI 00003b8c [SR] Verifying 100 components 2023 SecureWorks, Inc. All rights reserved. Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives. . Once complete, let me know if it finds integrity violations or not. As I understand the fix, modules are now independent of each other if this module fails, the other modules still report and alert on activity. 2019-06-03 22:11:52, Info CSI 00000957 [SR] Beginning Verify and Repair transaction 2019-06-03 22:11:48, Info CSI 000008ee [SR] Verify complete This press release contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934 and Section 27A of the Securities Act of 1933 and are based on Secureworks' current expectations. Running it on another machine may cause damage to your operating system, Virus, Trojan, Spyware, and Malware Removal Help, The Week in Ransomware - March 3rd 2023 - Wide impact attacks, Build an instant training library with this lifetime learning bundle deal, http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/. SecureWorks Red Cloak Local Bypass (CVE-2019-19620) - Medium 2019-06-03 22:21:23, Info CSI 00002970 [SR] Verify complete step 3. 2 In cases where Secureworks Red Cloak Endpoint supports an . 2019-06-03 22:10:01, Info CSI 0000033e [SR] Verify complete However most often I have only Outlook, WORD, Excel, and IE 11 open at any given time. Then push on CPU usage to bring processes to descending to see which apps/processes using the most. 2019-06-03 22:16:07, Info CSI 000016bb [SR] Beginning Verify and Repair transaction 2019-06-03 22:28:30, Info CSI 000046c0 [SR] Verify complete If I shut down all applications before the CPU gets totally consumed then the demand of the little services will slowly return to normal (30-60 minutes). 2019-06-03 22:18:04, Info CSI 00001db5 [SR] Beginning Verify and Repair transaction If any objects are detected, uncheck any items you want to keep. 2019-06-03 22:24:50, Info CSI 00003826 [SR] Beginning Verify and Repair transaction Wouldthis give a different result than enabling them? The problem was temporarily (a day or two) fixed by the reinstall. ), HKU\S-1-5-21-2329281988-2336120714-2240144410-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg, ==================== MSCONFIG/TASK MANAGER disabled items ==. 2019-06-03 22:10:35, Info CSI 000005b2 [SR] Verify complete . 2019-06-03 22:23:52, Info CSI 000033ff [SR] Verify complete 2019-06-03 22:22:27, Info CSI 00002d69 [SR] Verifying 100 components Id suggest that you optimize and maintain your computer. After putting system permissions back to default, this is what happened next, and an alert was fired off: An additional issue was discovered that to see the above log files you must have enabled verbose logging, which required a system restart to take affect. So please clean boot the system using the link below on the system. Posted by Reasonable-Canary-76. Always - Secureworks 2019-06-03 22:12:20, Info CSI 00000b07 [SR] Verify complete 2019-06-03 22:10:07, Info CSI 000003a7 [SR] Verifying 100 components 2019-06-03 22:15:28, Info CSI 00001487 [SR] Verifying 100 components 2019-06-03 22:24:50, Info CSI 00003824 [SR] Verify complete 2019-06-03 22:26:44, Info CSI 00004004 [SR] Beginning Verify and Repair transaction Any ideas? 2019-06-03 22:20:59, Info CSI 00002825 [SR] Verifying 100 components I requested a CVE for this issue to help push public awareness, in addition to this blog post, but I am frankly not sure if this meets the criteria for a CVE. The file which is running by the task will not be moved. 2019-06-03 22:23:47, Info CSI 0000339a [SR] Beginning Verify and Repair transaction [VERSION] = The version of the .msi installer file [REGISTRATION KEY] = The key that is generated for any group that is created in Endpoint Management > Group Configuration. 2019-06-03 22:26:17, Info CSI 00003e07 [SR] Verify complete 2019-06-03 22:19:19, Info CSI 0000225e [SR] Beginning Verify and Repair transaction Secureworks' MDR service leverages the detectors, analytics and correlation capabilities of Red Cloak TDR to find advanced threats that aren't typically found with normal detection, and to expand the context around each alert. 2019-06-03 22:13:26, Info CSI 00000e20 [SR] Verifying 100 components . 2019-06-03 22:25:33, Info CSI 00003b26 [SR] Beginning Verify and Repair transaction Here is my log. 2019-06-03 22:21:23, Info CSI 00002972 [SR] Beginning Verify and Repair transaction The problem with your thought is that sometimes the system will run for hours with all applications open and experience no slowdown. Above shows the error that happened when I had removed all permissions except for my own user account. ), CCleaner (HKLM\\CCleaner) (Version: 5.51 - Piriform), ==================== Custom CLSID (Whitelisted): ==========================, CustomCLSID: HKU\S-1-5-21-2329281988-2336120714-2240144410-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation), ==================== Shortcuts & WMI ========================, (The entries could be listed to be restored or removed. Any forward-looking statement speaks only as of the date as of which such statement is made, and, except as required by law, we undertake no obligation to update any forward-looking statement after the date as of which such statement was made, whether to reflect changes in circumstances or our expectations, the occurrence of unanticipated events, or otherwise. Secureworks Red Cloak Threat Detection and Response (TDR) - Adapters | Axonius. 2019-05-31 08:59:32, Info CSI 0000001e [SR] Verify complete However, if youre using Red Cloak in an environment that may be targeted by true advanced, persistent threats this could cause a high impact in those more specific situations. Secureworks' Red Cloak TDR software applies a variety of machine and deep learning techniques to a vast network of data, making it easier to find hard-to-detect threats across an entire IT landscape. 2019-06-03 22:24:00, Info CSI 000034cf [SR] Beginning Verify and Repair transaction 2019-06-03 22:27:32, Info CSI 0000430d [SR] Verifying 100 components In short, Red Cloak is used to outsource the huge task of endpoint detection to a 24x7, high standard of quality Security Operations Center. 2019-06-03 22:24:32, Info CSI 000036e6 [SR] Beginning Verify and Repair transaction Running in Safe Mode eliminated the loss of download speed so I knew it wasn't a problem with hardware or my cable modem or wireless router. Secure Works immediately acknowledged the bug and agreed to a 90-day target fix, and requested a delay in publication until customers could update. Trivial local bypass of Secure Works Red Cloak telemetry discovered August 2019. 2019-06-03 22:21:47, Info CSI 00002b25 [SR] Verifying 100 components 2019-06-03 22:15:27, Info CSI 00001486 [SR] Verify complete 2019-06-03 22:19:56, Info CSI 000024ed [SR] Verify complete 2019-06-03 22:21:13, Info CSI 00002900 [SR] Verify complete That is much better than before! . 2019-06-03 22:14:05, Info CSI 00000f18 [SR] Verify complete I've ran both AVG and Malwarebytes and they've . Read Secureworks' blog. 2019-06-03 22:21:30, Info CSI 000029e2 [SR] Verifying 100 components 2019-06-03 22:16:54, Info CSI 000019ed [SR] Beginning Verify and Repair transaction Secureworks: Cybersecurity Leader, Proven Threat Defense | Secureworks : DESKTOP-4SIK181, Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation), ========================= Event log errors: ===============================, Error: (06/01/2019 05:14:14 PM) (Source: VSS) (User: ), Error: (05/24/2019 08:32:34 AM) (Source: Application Error) (User: ), Error: (05/24/2019 08:21:14 AM) (Source: Application Hang) (User: ), Error: (03/20/2019 08:49:37 AM) (Source: Application Hang) (User: ), Error: (02/27/2019 12:19:59 PM) (Source: Application Hang) (User: ), Error: (12/28/2018 08:09:10 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY), Error: (06/02/2019 11:09:13 PM) (Source: DCOM) (User: NT AUTHORITY), Error: (06/01/2019 05:26:54 PM) (Source: DCOM) (User: DESKTOP-4SIK181), Error: (06/01/2019 05:20:06 PM) (Source: DCOM) (User: DESKTOP-4SIK181), Error: (06/01/2019 05:18:28 PM) (Source: DCOM) (User: NT AUTHORITY), Error: (06/01/2019 05:17:37 PM) (Source: DCOM) (User: DESKTOP-4SIK181), Error: (06/01/2019 05:14:14 PM) (Source: VSS)(User: ), Error: (05/24/2019 08:32:34 AM) (Source: Application Error)(User: ), Error: (05/24/2019 08:21:14 AM) (Source: Application Hang)(User: ), Error: (03/20/2019 08:49:37 AM) (Source: Application Hang)(User: ), Error: (02/27/2019 12:19:59 PM) (Source: Application Hang)(User: ), Error: (12/28/2018 08:09:10 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY), Intel Processor Graphics (HKLM-x32\\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation), ========================= Devices: ================================, Name: Microsoft ACPI-Compliant Embedded Controller, Name: Intel Serial IO I2C Host Controller - 9C62, Name: Microsoft ACPI-Compliant Control Method Battery, Name: Intel Core i5-4210U CPU @ 1.70GHz, Name: Microsoft Windows Management Interface for ACPI, Name: Intel 8 Series PCI Express Root Port #3 - 9C14, Name: Microsoft Hyper-V Virtualization Infrastructure Driver, Name: Intel 8 Series LPC Controller (Premium SKU) - 9C43, Name: Microsoft Storage Spaces Controller, Name: Microsoft Kernel Debug Network Adapter, Name: Intel 8 Series USB Enhanced Host Controller #1 - 9C26, Name: Microsoft Wi-Fi Direct Virtual Adapter #4, Name: Microsoft Wi-Fi Direct Virtual Adapter #2, Name: Microsoft Radio Device Enumeration Bus, Name: Intel 8 Series PCI Express Root Port #4 - 9C16, Name: Microsoft Device Association Root Enumerator, Name: Speakers / Headphones (Realtek Audio), Name: Microsoft Input Configuration Device, Name: Intel USB 3.0 eXtensible Host Controller - 1.0 (Microsoft), Name: Intel Serial IO I2C Host Controller - 9C61, Name: Intel 8 Series Chipset Family SATA AHCI Controller, Name: Intel 8 Series PCI Express Root Port #1 - 9C10, Name: Intel 8 Series PCI Express Root Port #5 - 9C18, Name: HID-compliant vendor-defined device, Name: NDIS Virtual Network Adapter Enumerator, Name: Intel 8 Series SMBus Controller - 9C22, Name: Bluetooth Device (RFCOMM Protocol TDI), Name: Bluetooth Device (Personal Area Network) #2, Name: Microsoft System Management BIOS Driver, Name: Plug and Play Software Device Enumerator, Name: Remote Desktop Device Redirector Bus, ========================= Partitions: =====================================, 1 Drive c: () (Fixed) (Total:930.07 GB) (Free:893.73 GB) NTFS, ========================= Users: ========================================, Administrator DefaultAccount Guest, ========================= Minidump Files ==================================, ========================= Restore Points ==================================, NOTICE: This script was written specifically for this user. In short, Red Cloak is used to outsource the huge . Secureworks Managed Detection and Response (MDR), powered by Red Cloak is the latest enhancement to the company's software-enabled security offering using its cloud-based security analytics platform to deliver threat detection and response with unprecedented speed and accuracy. We suspect there is a possible leak in CPU usage. Secureworks Red Cloak Endpoint Agent System Requirements 2019-06-03 22:16:27, Info CSI 00001824 [SR] Beginning Verify and Repair transaction Industry: Services (non-Government) Industry. Select whether you would like to send anonymous data to ESET. . 2019-06-03 22:22:35, Info CSI 00002de0 [SR] Verifying 100 components 2019-06-03 22:24:18, Info CSI 0000360d [SR] Verifying 100 components 2019-06-03 22:25:24, Info CSI 00003ab2 [SR] Verify complete 2019-06-03 22:28:43, Info CSI 000047ce [SR] Verify complete If I start in Safe Mode, download speed does not drop with time. . 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, Dell Data Security International Support Phone Numbers, Do Not Sell or Share My Personal Information, View orders and track your shipping status, Create and access a list of your products. 2019-06-03 22:21:06, Info CSI 00002894 [SR] Verifying 100 components 2019-06-03 22:09:26, Info CSI 0000006c [SR] Verify complete Additionally, malware can re-infect the computer if some remnants are left. Operating Systems: 1 A SHA-2 patch is required for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. 2019-06-03 22:10:32, Info CSI 0000054c [SR] Beginning Verify and Repair transaction 2019-06-03 22:22:47, Info CSI 00002eb0 [SR] Beginning Verify and Repair transaction 2019-05-31 08:59:31, Info CSI 00000019 [SR] Beginning Verify and Repair transaction 2019-06-03 22:14:16, Info CSI 00000fc4 [SR] Verifying 100 components 2019-06-03 22:10:15, Info CSI 00000412 [SR] Beginning Verify and Repair transaction 2019-06-03 22:19:50, Info CSI 00002479 [SR] Verifying 100 components 2019-06-03 22:26:52, Info CSI 0000407b [SR] Verifying 100 components . Available for InfoSec/IT career advice and resume review. 2019-06-03 22:15:01, Info CSI 000012dc [SR] Verify complete We understand complex security environments and are passionate about simplifying security with Defense in Concert so that security becomes a business enabler. 2019-06-03 22:24:43, Info CSI 000037bd [SR] Verify complete Any future product, service, feature, benefit or related specification referenced in this press release are for information purposes only and are not commitments to deliver any technology or enhancement. 2019-06-03 22:09:45, Info CSI 0000020a [SR] Beginning Verify and Repair transaction 2019-06-03 22:22:52, Info CSI 00002f17 [SR] Verifying 100 components 2019-06-03 22:21:30, Info CSI 000029e3 [SR] Beginning Verify and Repair transaction I assume since I also was involved in all 3 . More than 4,000 customers across over 50 countries are protected by Secureworks, benefit from our network effect and are Collectively Smarter. 2019-06-03 22:24:32, Info CSI 000036e5 [SR] Verifying 100 components 2019-06-03 22:19:38, Info CSI 000023a6 [SR] Beginning Verify and Repair transaction The CPU usage increased and there were continuous CPU spikes at every 30 minute interval whenever the refresh token was used to acquire access tokens (30 min access token . 2019-06-03 22:09:45, Info CSI 00000209 [SR] Verifying 100 components Push CTRL+ALT+DELETE and open task manager. 1. As a reminder, I did a cleanWin7 reinstallation last Friday and have only installed Java, Adobe reader, Adobe Flash, Malwarebytes, Dropbox, Office 2010, Netgear Genie, Chrome, and Microsoft Security Essentials. FirewallRules: [{95F772B1-0AB0-4172-9672-0D8D31ABD905}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd), ==================== Restore Points =========================, ==================== Faulty Device Manager Devices =============, Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe, Report Id: 009dcebb-d3f7-48fd-a8e8-5fe7f30f0294, Faulting package full name: Microsoft.LockApp_10.0.17763.1_neutral__cw5n1h2txyewy, Faulting package-relative application ID: WindowsDefaultLockScreen, Error: (03/20/2019 08:49:37 AM) (Source: Application Hang) (EventID: 1002) (User: ), Report Id: 9c70a34f-dbb3-42d3-ad67-42ab800351df, Error: (02/27/2019 12:19:59 PM) (Source: Application Hang) (EventID: 1002) (User: ), Report Id: 1da64374-4712-4099-8c90-17633e62d96d, Error: (12/28/2018 08:09:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY), Error: (04/02/2019 11:58:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY), Error: (04/02/2019 11:56:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY), Error: (04/02/2019 11:56:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY), Error: (03/20/2019 05:42:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY), Error: (03/20/2019 05:41:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY), ==================== Memory info ===========================, ==================== Drives ================================, Drive c: () (Fixed) (Total:930.07 GB) (Free:893.03 GB) NTFS, \\?\Volume{c0eb0321-e386-4eb6-af69-4d63c700a79d}\ (WINRETOOLS) (Fixed) (Total:0.83 GB) (Free:0.44 GB) NTFS, ==================== MBR & Partition Table ==================, ========================================================, ==================== End of Addition.txt ============================, Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com, ***** [ Chromium (and derivatives) ] *****, ***** [ Firefox (and derivatives) ] *****, AdwCleaner[S00].txt - [3024 octets] - [30/05/2019 22:53:46], ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########.