MS Word docs were stalling, not closing for a long time, nor opening nor saving quickly. Scanning with AVG, Malwarebytes showed nothing. Old version of Emsisoft showed this:
Setting.DisableRegistryTools (A)
Value: HKEY_Local_Machine\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM –
Gen:Trojan.Heur.KT.2@l@@ai4D7Fki (B)
Emsisoft Emergency Kit - Version 9.0
Last update: 11/18/2018 6:31:20 PM
User account: Precision-T3600\MEH
Scan settings:
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 5/1/2022 1:59:18 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\EXCEL.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\GRAPH.HXS detected: Gen:Trojan.Heur.KT.2.Li@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\MSOUC.HXS detected: Gen:Trojan.Heur.KT.2.Ai@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\MSTORE.HXS detected: Gen:Trojan.Heur.KT.2.xi@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\OIS.HXS detected: Gen:Trojan.Heur.KT.2.Bi@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\ONENOTE.HXS detected: Gen:Trojan.Heur.KT.2.Qj@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\SETLANG.HXS detected: Gen:Trojan.Heur.KT.2.yi@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B)
C:\Program Files\Microsoft Office\Office14\1033\WINWORD.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B)
C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS detected: Gen:Trojan.Heur.KT.2.bi!@ai4D7Fki (B)
C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateBroker.exe detected: Gen:Trojan.Heur.FU.hu2@a4WmjAci (B)
C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe detected: Gen:Trojan.Heur.FU.hu2@a0QUcoki (B)
C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateSetup.exe detected: Gen:Trojan.Heur2.FU.wv2@aGX6qsAP (B)
C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.36.132\GoogleUpdateSetup.exe detected: Gen:Trojan.Heur2.FU.wv2@aGX6qsAP (B)
Scanned 249192
Found 20
Scan end: 5/1/2022 2:55:20 PM
Scan time: 0:56:02
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022
Ran by MEH (administrator) on PRECISION-T3600 (Dell Inc. Precision T3600) (01-05-2022 19:43:12)
Running from C:\Users\MEH\Downloads
Loaded Profiles: MEH
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(AuthenTec, Inc. -> Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CNET Networks -> Webshots.com) C:\Program Files (x86)\Webshots\Webshots.scr
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <14>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [168376 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Winlogon: [Shell] - <==== ATTENTION
HKU\S-1-5-21-4144036370-3246485623-2860655430-501\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpcpp160: C:\Windows\System32\spool\prtprocs\x64\hpcpp160.dll [602912 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW081.DLL [74016 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPMLM135: C:\Windows\system32\hpmlm135.dll [237344 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)
Startup: C:\Users\MEH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2022-02-18]
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (CNET Networks -> Webshots.com)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00715906-9A6C-43DA-866C-7523D9352346} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {06800F5D-26DE-4E82-985C-2B5EDD75F748} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {35E42BBA-94A0-448C-A0DE-486444F0E3CF} - System32\Tasks\AdobeGCInvoker-1.0-Precision-T3600-MEH => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {419FB094-AADC-4E57-A1A2-146C5965B067} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {4B700974-F9F9-4691-B0F1-289888C6E47C} - System32\Tasks\Opera scheduled Autoupdate 1544753743 => C:\Users\MEH\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-20] (Opera Software AS -> Opera Software)
Task: {5505C032-DF9F-4291-8D1B-E5D18C7C2E97} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [52224 2013-10-17] () [File not signed]
Task: {5535F17E-2A3B-49AE-A978-B9F9AAFCB300} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [35184 2012-11-28] (Wave Systems Corp. -> Wave Systems Corp.)
Task: {61DE9BA2-EB53-4D31-A4FB-E5F41422B32E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe /StartRecording (No File)
Task: {654A59F0-4DA5-4631-9129-7724ABE2DAC0} - \Adobe Flash Player NPAPI Notifier -> No File <==== ATTENTION
Task: {65E60B25-67DB-4B81-8C0D-12D4BB8400B7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [5008312 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {73A86648-CAE9-4631-B6CC-22C4813F53BB} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [893832 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {776C0E4A-EC83-4830-ABE6-AE805CFE1A93} - System32\Tasks\HPCeeScheduleForMEH => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {7EC5865E-ADD8-4742-A146-2F0E0AC97EE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {83B042A5-62E5-401C-BF12-6A57A8DA3F74} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2332984 2022-03-07] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {86AEF45F-AA8D-43EF-8E3C-034D046B7BA0} - System32\Tasks\Opera scheduled assistant Autoupdate 1582400741 => C:\Users\MEH\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\MEH\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {8A93C550-C837-46C1-B6CD-6E9A060BE90E} - System32\Tasks\{F08BEBEE-FD4F-4756-AE73-0B076D713704} => C:\Windows\system32\pcalua.exe -a "C:\Users\MEH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX4WHZXN\JavaSetup8u191.exe" -d C:\Users\MEH\Desktop
Task: {8FCAE949-B150-4ACE-9806-6D92EE95C7A2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {9EE9132B-95A6-41F2-B4E0-BBDC36446286} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {ACBC7FF7-1B9B-4A32-8465-EE0C5A74421C} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {BE0C51C0-C83E-4CEB-96C5-96A11F08AE90} - System32\Tasks\AdobeAAMUpdater-1.0-Precision-T3600-MEH => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C1BC7535-CE35-44EA-AB29-CA485836CFDB} - System32\Tasks\{E08EF988-BD4A-416B-BCA4-271B6798517A} => C:\Users\MEH\Desktop\JRT_NEW.exe (No File)
Task: {CFE23D24-940B-4A38-BF63-B93311BCC136} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {EDA1EEAA-630F-47CD-91BB-BFE68FE98CD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (No File)
Task: {EEE9458D-E547-490C-BB08-BB85467EF2A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F532A395-364D-4F8F-B602-A9F923DC3FFE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForMEH.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07844A5C-8366-4EB3-9E56-C221DF0D0D64}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{883F6A1F-DB26-41AD-A138-5D9A044B7999}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9C16CE0E-C564-4F18-B93B-E2AFE99373FE}: [DhcpNameServer] 10.1.10.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\MEH\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-01]
Edge HomePage: Default -> hxxp://www.duckduckgo.com/
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: 0u1mt6n7.default-1416744754553
FF ProfilePath: C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 [2022-05-01]
FF Homepage: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> hxxp://www.duckduckgo.com
FF Session Restore: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: @webrtc-leak-shield
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: ddg@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: wikipedia@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: google@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: ebay@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: bing@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: amazondotcom@search.mozilla.org
FF Extension: (WebRTC Leak Shield) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\@webrtc-leak-shield.xpi [2021-09-29]
FF Extension: (Pinterest Save Button) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2022-03-01]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-04-26]
FF Extension: (New Tab Override) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\newtaboverride@agenedia.com.xpi [2022-02-07]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-10-31] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Extension: (NoScript) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-18]
FF Extension: (A Color Within Another Color) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{9e420261-1c2f-4eb7-a9f0-dc7292f17459}.xpi [2021-12-01]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1233203.dll [2018-05-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.5.699 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [No File]
FF Plugin-x32: @real.com/nprpplugin;version=18.1.5.699 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default [2022-05-01]
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Extension: (Beauty) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbelgoeoihcmnkgkeanmogncgkfichm [2021-10-09]
CHR Extension: (NiftySplit) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjnlfillpnkgmjnhgklpjjlpjnfeil [2018-06-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-13]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-28]
CHR Extension: (AutoplayStopper) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddcgojdblidajhngkogefpkknnebdh [2022-02-28]
CHR Extension: (Don't bleep With Paste) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgllhigpcljnhoakjkgaieabnkmgdkb [2020-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\MEH\AppData\Local\Google\Chrome\User Data\System Profile [2022-05-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable [2022-05-01]
OPR StartupUrls: Opera Stable -> "hxxps://duckduckgo.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list&t={opera:vpnClient}
OPR Extension: (Rich Hints Agent) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-03]
OPR Extension: (Opera Crypto Wallet) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-04-22]
OPR Extension: (WebRTC Leak Prevent) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjabaljgaabcnmcoalhaldkmcfbojkkb [2021-04-26]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-16]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [713656 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [1770424 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe [460728 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [8413296 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [109480 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S4 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [204288 2012-08-02] (Broadcom Corporation) [File not signed]
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2486272 2013-04-30] (Dell Inc.) [File not signed]
S4 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] (Wave Systems Corp. -> )
S4 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc. -> Invincea, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8347832 2022-05-01] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]
S4 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]
S4 poaService; C:\Program Files\Dell\PPO\poaService.exe [641232 2013-07-19] (Techporch Incorporated -> Dell Inc.)
S4 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [277712 2013-07-19] (Techporch Incorporated -> Dell Inc.)
S4 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [516304 2013-07-19] (Techporch Incorporated -> Dell Inc.)
S4 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] (Invincea, Inc. -> )
S4 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-28] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
S4 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp. -> Wave Systems Corp.)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1579520 2013-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [222240 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [372336 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250456 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99432 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41480 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [184768 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [539120 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2018-11-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107976 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83040 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [852352 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [557784 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [214496 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [316752 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-16] (Emsisoft GmbH -> Emsisoft GmbH)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [48464 2015-06-19] (Dell Inc. -> Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2013-04-29] (Techporch Incorporated -> Dell Computer Corporation)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2018-10-27] (Emsisoft Ltd -> Emsisoft GmbH)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] (Invincea, Inc. -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [80384 2010-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2013-07-19] (Techporch Incorporated -> Dell Computer Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation -> Corel Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] (Invincea, Inc. -> )
S3 NTIOLib_DVDSetup; \??\F:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-05-01 19:43 - 2022-05-01 19:44 - 000030777 _____ C:\Users\MEH\Downloads\FRST.txt
2022-05-01 19:35 - 2022-05-01 19:35 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\FRST64(1).exe
2022-05-01 19:33 - 2022-05-01 19:33 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\FRST64.exe
2022-05-01 19:30 - 2022-05-01 19:30 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\Unconfirmed 516431.crdownload
2022-05-01 13:51 - 2022-05-01 19:37 - 000005014 _____ C:\Windows\system32\Tasks\WSCEAA
2022-04-21 10:37 - 2022-04-21 10:37 - 000128848 _____ C:\Users\MEH\Downloads\Minnesota Urology_20220421.pdf
2022-04-18 17:30 - 2022-04-18 17:30 - 000002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2022-04-18 17:30 - 2022-04-18 17:30 - 000002166 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2022-04-09 16:08 - 2022-04-09 16:08 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-04-09 16:08 - 2022-04-09 16:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-05-01 19:43 - 2014-11-14 19:10 - 000000000 ____D C:\FRST
2022-05-01 19:34 - 2014-05-11 05:53 - 000000000 ____D C:\Program Files (x86)\Google
2022-05-01 19:31 - 2016-11-17 18:09 - 000000000 ____D C:\Users\MEH\AppData\LocalLow\Mozilla
2022-05-01 17:47 - 2017-01-15 21:07 - 000000000 ____D C:\Program Files\CCleaner
2022-05-01 15:48 - 2014-11-16 06:25 - 000000000 ____D C:\EEK
2022-05-01 15:39 - 2021-10-27 05:21 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-05-01 15:39 - 2021-08-07 00:53 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-05-01 15:39 - 2020-09-27 19:21 - 000001962 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-01 15:39 - 2020-01-24 06:28 - 000001950 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-05-01 15:38 - 2020-01-24 06:28 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-05-01 15:38 - 2017-12-23 17:02 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-01 15:38 - 2014-04-29 21:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-01 15:19 - 2014-04-29 18:39 - 000000000 ____D C:\Users\MEH\Documents\Word
2022-05-01 14:00 - 2009-07-13 23:45 - 000034832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-05-01 14:00 - 2009-07-13 23:45 - 000034832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-05-01 13:55 - 2009-07-14 00:13 - 000783790 _____ C:\Windows\system32\PerfStringBackup.INI
2022-05-01 13:55 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2022-05-01 13:48 - 2016-10-25 17:37 - 000000000 ____D C:\ProgramData\Avg
2022-05-01 13:47 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-01 13:46 - 2019-12-07 21:15 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2022-05-01 02:00 - 2014-06-12 13:04 - 000000000 ____D C:\Users\MEH\AppData\Local\Adobe
2022-04-29 04:31 - 2020-07-06 19:08 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-29 04:31 - 2020-07-06 19:08 - 000002184 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-28 01:40 - 2017-10-02 04:53 - 000003174 _____ C:\Windows\system32\Tasks\HPCeeScheduleForMEH
2022-04-28 01:40 - 2017-10-02 04:53 - 000000324 _____ C:\Windows\Tasks\HPCeeScheduleForMEH.job
2022-04-25 15:17 - 2017-08-25 20:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-04-25 15:17 - 2014-03-15 16:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-21 12:31 - 2018-12-13 21:15 - 000004080 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1544753743
2022-04-21 10:56 - 2021-10-21 10:55 - 000004310 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1582400741
2022-04-20 04:29 - 2014-05-11 05:53 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-04-20 04:29 - 2014-05-11 05:53 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-04-18 17:30 - 2014-05-11 05:53 - 000000000 ____D C:\Program Files\Google
2022-04-14 20:29 - 2017-05-30 07:04 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-14 20:29 - 2017-05-30 07:04 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-13 15:01 - 2015-07-15 13:07 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-04-09 22:24 - 2020-07-06 19:01 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-09 22:24 - 2020-07-06 19:01 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-09 16:08 - 2014-03-15 16:07 - 000000000 ____D C:\ProgramData\Mozilla
2022-04-09 11:33 - 2019-12-07 21:13 - 000003346 _____ C:\Windows\system32\Tasks\AMD ThankingURL
2022-04-09 11:33 - 2018-08-25 14:15 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2022-04-09 11:33 - 2018-01-24 21:12 - 000003468 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0-Precision-T3600-MEH
2022-04-09 11:33 - 2017-11-15 06:40 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-04-09 11:33 - 2017-06-24 06:48 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2022-04-09 11:33 - 2017-04-02 20:07 - 000003316 _____ C:\Windows\system32\Tasks\PinItAutoUpdate
2022-04-09 11:33 - 2017-01-15 21:07 - 000002800 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2022-04-09 11:33 - 2014-12-25 07:16 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-04-09 11:33 - 2014-06-08 13:11 - 000003512 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-Precision-T3600-MEH
==================== Files in the root of some directories ========
2016-08-04 13:38 - 2016-08-04 13:38 - 000000132 _____ () C:\Users\MEH\AppData\Roaming\Adobe GIF Format CS5 Prefs
2018-10-07 17:25 - 2022-01-08 09:10 - 000000132 _____ () C:\Users\MEH\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-09-22 13:00 - 2018-09-22 13:00 - 000308274 _____ () C:\Users\MEH\AppData\Local\ars.cache
2018-09-22 13:00 - 2018-09-22 13:00 - 000589594 _____ () C:\Users\MEH\AppData\Local\census.cache
2018-09-22 12:24 - 2018-09-22 12:24 - 000000036 _____ () C:\Users\MEH\AppData\Local\housecall.guid.cache
2018-09-27 16:17 - 2018-09-27 16:17 - 000000000 _____ () C:\Users\MEH\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2022-04-27 00:23
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
Ran by MEH (01-05-2022 19:44:22)
Running from C:\Users\MEH\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X64) (2014-03-15 17:07:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4144036370-3246485623-2860655430-500 - Administrator - Disabled)
Guest (S-1-5-21-4144036370-3246485623-2860655430-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4144036370-3246485623-2860655430-1002 - Limited - Enabled)
MEH (S-1-5-21-4144036370-3246485623-2860655430-1000 - Administrator - Enabled) => C:\Users\MEH
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Disabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.3.203 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12.1 - Advanced Micro Devices, Inc.)
AVG Internet Security (HKLM\...\AVG Antivirus) (Version: 21.9.3208 - AVG Technologies)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{7AA348CE-190E-416B-839E-68E33CFEB580}) (Version: 15.4.14.1 - Broadcom Corporation)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
cloudLibrary 2.3 (HKLM-x32\...\cloudLibrary) (Version: 2.3 - Bibliotheca)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.1.0 - Ursa Minor Ltd)
Custom (HKLM\...\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}) (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Precision Performance Optimizer (HKLM-x32\...\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8}) (Version: 01.07.00 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
DellAccess (HKLM\...\{20A4AA32-B3FF-4A0B-853C-ACDDCD6CB344}) (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
EMBASSY Client Core (HKLM\...\{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}) (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:- Seiko Epson Corporation)
ERAS Connector (HKLM\...\{D46BCA58-0AF7-4455-8017-34CE3FEEE808}) (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Gemalto (HKLM\...\{91CE5F03-3A2A-4268-935A-04944F058AE9}) (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto) Hidden
Google Analytics Opt-out Browser Add-on (HKLM\...\{381243CE-484C-4DD1-9F0C-0B117AE4D5C1}) (Version: 0.9.7.0 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC)
Google Earth Pro (HKLM\...\{C36E66A6-6EE5-47DB-945F-A6F03225D540}) (Version: 7.3.4.8573 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.7.0.1092 - Intel Corporation)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes version 4.5.8.191 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.8.191 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 101.0.1210.32 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0 (x64 en-US)) (Version: 99.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 85.0.4341.75 (HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Opera 85.0.4341.75) (Version: 85.0.4341.75 - Opera Software)
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
PBA Driver-x64 (HKLM\...\{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}) (Version: 1.0.1.8 - Dell Inc.) Hidden
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
Preboot Manager (HKLM\...\{59ACD2BB-FC62-4427-81D2-618CF81A2A32}) (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (HKLM\...\{A90F92B7-3C3F-4AEF-B281-31DD17BB73CA}) (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
RealDownloader (HKLM-x32\...\{410F406E-7AFC-4E9F-BF7E-0CB3C72BDAB9}) (Version: 18.1.5.699 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{4e8ca438-78fb-4658-ac5b-2d128f60c54e}) (Version: 18.1.5.699 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5890 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:- Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SI TSS (HKLM\...\{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}) (Version: 2.1.41 - Security Innovation) Hidden
SPBA (WBF) 5.9 (HKLM\...\{DD317AA5-F0EF-480F-9501-507712B5E0B6}) (Version: 5.9.7.7232 - Authentec Inc.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
toolkit32for64bit (HKLM-x32\...\{CB63285D-990D-4207-AE31-000025626917}) (Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trusted Drive Manager (HKLM\...\{236EBEF4-8DE5-4E0E-8FD0-27D94F772FF0}) (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Version: 1.0.0.0 - Realnetworks) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Wave Crypto Runtime 2.0.9.0 x64 (HKLM\...\{5F160A36-29D0-4AE0-986C-671A564BC0D4}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (HKLM-x32\...\{29D07FB4-A026-4E1F-B9A2-8C9EC0E2FEBB}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (HKLM\...\{90DB5C39-360F-4187-9D56-E3B013CEEF73}) (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (HKLM\...\{86A9BBDF-9B6D-4E3D-810E-23C9079C6217}) (Version: 05.15.00.024 - Wave Systems Corp) Hidden
Webshots Desktop (HKLM-x32\...\Webshots Desktop_is1) (Version:- CNET Networks)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>-> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-06] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"CmdLineConsumer_WSCEAA\"",Filter="__EventFilter.Name=\"CmdLinefilter_WSCEAA\"::
WMI:subscription\__EventFilter->CmdLinefilter_WSCEAA::[Query => SELECT * FROM MSNdis_StatusMediaConnect]
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->CmdLineConsumer_WSCEAA::[CommandLineTemplate => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\\WSCEAA.exe -nic][WorkingDirectory => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2017-12-06 19:26 - 2017-12-06 19:26 - 000155688 _____ (AMD PMP-PE CB Code Signer v20170331 -> Advanced Micro Devices, Inc.) [File not signed] C:\Windows\system32\amdihk64.dll
2013-11-15 00:47 - 2013-11-15 00:47 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2013-11-15 00:47 - 2013-11-15 00:47 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\MSVCP140.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\ucrtbase.DLL
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\VCRUNTIME140.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\VCRUNTIME140_1.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000 -> DefaultScope {404F5F50-8A0E-4007-B50F-2A7CE96CB1E7} URL =
SearchScopes: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000 -> {404F5F50-8A0E-4007-B50F-2A7CE96CB1E7} URL =
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2019-04-04] (Google LLC -> Google, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2019-04-04] (Google LLC -> Google, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\juno.com -> juno.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\2mdn.net -> m1.2mdn.net
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\adbright.com -> ads.adbright.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\adbrite.com -> ads.adbrite.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\atdmt.com -> ad.atdmt.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\doubleclick.net -> ad.doubleclick.net
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\google-analytics.com -> google-analytics.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\googleadvervice.com -> googleadvervice.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\googlesyndication.com -> googlesyndication.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\paypopups.com -> paypopups.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\rmxads.com -> rmxads.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\tumri.net -> tumri.net
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\yimg.com -> ads.yimg.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-11-15 17:15 - 2018-12-03 11:19 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts
2015-06-23 07:14 - 2015-06-23 07:14 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Intel\Services\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Gemalto\Access Client\v5;C:\Program Files (x86)\Security Innovation\SI TSS\bin;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Common Files\Autodesk Shared\
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MEH\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdobeActiveFileMonitor12.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 3
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AMD External Events Utility => 3
MSCONFIG\Services: BrcmMgmtAgent => 2
MSCONFIG\Services: DellDataVault => 3
MSCONFIG\Services: EmbassyService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: InvProtectSvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PbaDrvSvc_x64 => 2
MSCONFIG\Services: poaService => 2
MSCONFIG\Services: PoaSMSrv => 2
MSCONFIG\Services: poaTaServ => 2
MSCONFIG\Services: SboxSvc => 3
MSCONFIG\Services: SecureStorageService => 3
MSCONFIG\Services: tcsd_win32.exe => 2
MSCONFIG\Services: TdmService => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Wave Authentication Manager Service => 2
MSCONFIG\Services: WvPCR => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MEH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk => C:\Windows\pss\Webshots.lnk.Startup
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DellPoaEvents => C:\Program Files\Dell\PPO\DellPoaEvents.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
MSCONFIG\startupreg: NUSB3MON => "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Opera Browser Assistant => C:\Users\MEH\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8391D894-0B9C-4407-A9C9-60AB7ADA451D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E47325C9-CDE2-450B-9396-7A9D86C145CB}] => (Allow) LPort=2869
FirewallRules: [{73DB5D30-4F8A-4F30-B3C9-2FC67FA9F1B4}] => (Allow) LPort=1900
FirewallRules: [{076F0951-B5C3-437B-AF88-C096F9FBA359}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DBF65BEF-6C63-45A9-B050-FAAA4113F253}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56491988-FE67-49DB-B9EB-6A2B083887E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7D1AD8E0-8A53-4AD2-BB42-AEF7C55797BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B02375BB-3A42-4297-A339-F972E8D7351D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{EDC49DDE-F6B7-413A-A119-BDA1FE332B6F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{B4C2CF95-14A1-47BB-8229-5B8EC972EA13}] => (Block) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{021329CB-0B39-4AE9-9ABB-09A04F713A0F}] => (Block) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{32A841FD-C766-43A3-863A-78098975ECF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
15-04-2022 00:00:01 Scheduled Checkpoint
23-04-2022 00:00:00 Scheduled Checkpoint
30-04-2022 00:00:02 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (05/01/2022 07:46:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/01/2022 07:46:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x2b00
Faulting application start time: 0x01d85dbcc1a4bdb7
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: 46051d0c-c9b1-11ec-82d8-000af72c30e1
Error: (05/01/2022 07:37:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x21d4
Faulting application start time: 0x01d85dbb7da1b9be
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: ff20d252-c9af-11ec-82d8-000af72c30e1
Error: (05/01/2022 07:28:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x22e4
Faulting application start time: 0x01d85dba395c561d
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: bb228935-c9ae-11ec-82d8-000af72c30e1
Error: (05/01/2022 07:19:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x22a0
Faulting application start time: 0x01d85db8f51b890c
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: 76e2caf9-c9ad-11ec-82d8-000af72c30e1
Error: (05/01/2022 07:09:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x194
Faulting application start time: 0x01d85db7b0de8edf
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: 32a1fde8-c9ac-11ec-82d8-000af72c30e1
Error: (05/01/2022 07:00:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x18d8
Faulting application start time: 0x01d85db66ca2642f
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: ee62a25b-c9aa-11ec-82d8-000af72c30e1
Error: (05/01/2022 06:51:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x3a8
Faulting application start time: 0x01d85db5286538e3
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: aa24164a-c9a9-11ec-82d8-000af72c30e1
System errors:
=============
Error: (05/01/2022 07:47:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
Error: (05/01/2022 03:48:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cleanhlp service failed to start due to the following error:
Cannot create a file when that file already exists.
Error: (05/01/2022 01:57:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cleanhlp service failed to start due to the following error:
Cannot create a file when that file already exists.
Error: (05/01/2022 01:54:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error:
%%16389
Error: (05/01/2022 01:54:14 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (05/01/2022 01:50:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.It has done this 1 time(s).The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (05/01/2022 01:50:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (05/01/2022 01:49:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
================
Event[0]:
Date: 2017-01-12 17:09:22.056
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0
==================== Memory info ===========================
BIOS: Dell Inc. A12 11/03/2013
Motherboard: Dell Inc. 08HPGT
Processor: Intel® Xeon® CPU E5-1620 0 @ 3.60GHz
Percentage of memory in use: 42%
Total physical RAM: 16341.69 MB
Available physical RAM: 9477.45 MB
Total Virtual: 32681.53 MB
Available Virtual: 23453.89 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:342.63 GB) NTFS
Drive d: (MEH) (Fixed) (Total:465.76 GB) (Free:362.78 GB) NTFS
\\?\Volume{c2ff78dd-6fab-11e3-bf1a-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.49 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4A3DDD73)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4A3DDD04)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================