Requested by OH MY

techserving |
1794

MS Word docs were stalling, not closing for a long time, nor opening nor saving quickly. Scanning with AVG, Malwarebytes showed nothing. Old version of Emsisoft showed this:

Setting.DisableRegistryTools (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM –

Gen:Trojan.Heur.KT.2@l@@ai4D7Fki (B

Emsisoft Emergency Kit - Version 9.0

Last update: 11/18/2018 6:31:20 PM

User account: Precision-T3600\MEH

Scan settings:

Scan type: Smart Scan

Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On

Scan archives: Off

ADS Scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off

Scan start: 5/1/2022 1:59:18 PM

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)

C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\EXCEL.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\GRAPH.HXS detected: Gen:Trojan.Heur.KT.2.Li@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\MSOUC.HXS detected: Gen:Trojan.Heur.KT.2.Ai@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\MSTORE.HXS detected: Gen:Trojan.Heur.KT.2.xi@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\OIS.HXS detected: Gen:Trojan.Heur.KT.2.Bi@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\ONENOTE.HXS detected: Gen:Trojan.Heur.KT.2.Qj@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\SETLANG.HXS detected: Gen:Trojan.Heur.KT.2.yi@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B

C:\Program Files\Microsoft Office\Office14\1033\WINWORD.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B

C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS detected: Gen:Trojan.Heur.KT.2.bi!@ai4D7Fki (B

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateBroker.exe detected: Gen:Trojan.Heur.FU.hu2@a4WmjAci (B

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe detected: Gen:Trojan.Heur.FU.hu2@a0QUcoki (B

C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateSetup.exe detected: Gen:Trojan.Heur2.FU.wv2@aGX6qsAP (B

C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.36.132\GoogleUpdateSetup.exe detected: Gen:Trojan.Heur2.FU.wv2@aGX6qsAP (B

Scanned 249192

Found 20

Scan end: 5/1/2022 2:55:20 PM

Scan time: 0:56:02

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022

Ran by MEH (administrator) on PRECISION-T3600 (Dell Inc. Precision T3600) (01-05-2022 19:43:12)

Running from C:\Users\MEH\Downloads

Loaded Profiles: MEH

Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Default browser: FF

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe

(AuthenTec, Inc. -> Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <4>

(C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe

(C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(CNET Networks -> Webshots.com) C:\Program Files (x86)\Webshots\Webshots.scr

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>

(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <14>

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe

(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe

(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [168376 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)

HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Winlogon: [Shell] - <==== ATTENTION

HKU\S-1-5-21-4144036370-3246485623-2860655430-501\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)

HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )

HKLM\...\Windows x64\Print Processors\hpcpp160: C:\Windows\System32\spool\prtprocs\x64\hpcpp160.dll [602912 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)

HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW081.DLL [74016 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard)

HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )

HKLM\...\Print\Monitors\HPMLM135: C:\Windows\system32\hpmlm135.dll [237344 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Company)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->

HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)

HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)

Startup: C:\Users\MEH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2022-02-18]

ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (CNET Networks -> Webshots.com)

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00715906-9A6C-43DA-866C-7523D9352346} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)

Task: {06800F5D-26DE-4E82-985C-2B5EDD75F748} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {35E42BBA-94A0-448C-A0DE-486444F0E3CF} - System32\Tasks\AdobeGCInvoker-1.0-Precision-T3600-MEH => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

Task: {419FB094-AADC-4E57-A1A2-146C5965B067} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"

Task: {4B700974-F9F9-4691-B0F1-289888C6E47C} - System32\Tasks\Opera scheduled Autoupdate 1544753743 => C:\Users\MEH\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-20] (Opera Software AS -> Opera Software)

Task: {5505C032-DF9F-4291-8D1B-E5D18C7C2E97} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [52224 2013-10-17] () [File not signed]

Task: {5535F17E-2A3B-49AE-A978-B9F9AAFCB300} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [35184 2012-11-28] (Wave Systems Corp. -> Wave Systems Corp.)

Task: {61DE9BA2-EB53-4D31-A4FB-E5F41422B32E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe /StartRecording (No File)

Task: {654A59F0-4DA5-4631-9129-7724ABE2DAC0} - \Adobe Flash Player NPAPI Notifier -> No File <==== ATTENTION

Task: {65E60B25-67DB-4B81-8C0D-12D4BB8400B7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [5008312 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

Task: {73A86648-CAE9-4631-B6CC-22C4813F53BB} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [893832 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {776C0E4A-EC83-4830-ABE6-AE805CFE1A93} - System32\Tasks\HPCeeScheduleForMEH => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)

Task: {7EC5865E-ADD8-4742-A146-2F0E0AC97EE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)

Task: {83B042A5-62E5-401C-BF12-6A57A8DA3F74} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2332984 2022-03-07] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {86AEF45F-AA8D-43EF-8E3C-034D046B7BA0} - System32\Tasks\Opera scheduled assistant Autoupdate 1582400741 => C:\Users\MEH\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\MEH\AppData\Local\Programs\Opera\assistant" $(Arg0)

Task: {8A93C550-C837-46C1-B6CD-6E9A060BE90E} - System32\Tasks\{F08BEBEE-FD4F-4756-AE73-0B076D713704} => C:\Windows\system32\pcalua.exe -a "C:\Users\MEH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX4WHZXN\JavaSetup8u191.exe" -d C:\Users\MEH\Desktop

Task: {8FCAE949-B150-4ACE-9806-6D92EE95C7A2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)

Task: {9EE9132B-95A6-41F2-B4E0-BBDC36446286} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

Task: {ACBC7FF7-1B9B-4A32-8465-EE0C5A74421C} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION

Task: {BE0C51C0-C83E-4CEB-96C5-96A11F08AE90} - System32\Tasks\AdobeAAMUpdater-1.0-Precision-T3600-MEH => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {C1BC7535-CE35-44EA-AB29-CA485836CFDB} - System32\Tasks\{E08EF988-BD4A-416B-BCA4-271B6798517A} => C:\Users\MEH\Desktop\JRT_NEW.exe (No File)

Task: {CFE23D24-940B-4A38-BF63-B93311BCC136} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)

Task: {EDA1EEAA-630F-47CD-91BB-BFE68FE98CD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (No File)

Task: {EEE9458D-E547-490C-BB08-BB85467EF2A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {F532A395-364D-4F8F-B602-A9F923DC3FFE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForMEH.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{07844A5C-8366-4EB3-9E56-C221DF0D0D64}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{883F6A1F-DB26-41AD-A138-5D9A044B7999}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{9C16CE0E-C564-4F18-B93B-E2AFE99373FE}: [DhcpNameServer] 10.1.10.1

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\MEH\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-01]

Edge HomePage: Default -> hxxp://www.duckduckgo.com/

Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:

========

FF DefaultProfile: 0u1mt6n7.default-1416744754553

FF ProfilePath: C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 [2022-05-01]

FF Homepage: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> hxxp://www.duckduckgo.com

FF Session Restore: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> is enabled.

FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: newtaboverride@agenedia.com

FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: @webrtc-leak-shield

FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: ddg@search.mozilla.org

FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: wikipedia@search.mozilla.org

FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: google@search.mozilla.org

FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: ebay@search.mozilla.org

FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: bing@search.mozilla.org

FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Enabled: amazondotcom@search.mozilla.org

FF Extension: (WebRTC Leak Shield) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\@webrtc-leak-shield.xpi [2021-09-29]

FF Extension: (Pinterest Save Button) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2022-03-01]

FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-04-26]

FF Extension: (New Tab Override) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\newtaboverride@agenedia.com.xpi [2022-02-07]

FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-10-31] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]

FF Extension: (NoScript) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-18]

FF Extension: (A Color Within Another Color) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{9e420261-1c2f-4eb7-a9f0-dc7292f17459}.xpi [2021-12-01]

FF Extension: (Adblock Plus - free ad blocker) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-23]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [No File]

FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [No File]

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1233203.dll [2018-05-15] (Adobe Systems, Inc.) [File not signed]

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [File not signed]

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=18.1.5.699 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [No File]

FF Plugin-x32: @real.com/nprpplugin;version=18.1.5.699 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [No File]

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:

=======

CHR Profile: C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default [2022-05-01]

CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN

CHR DefaultSearchKeyword: Default -> bing.com

CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab

CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316

CHR Extension: (Beauty) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbelgoeoihcmnkgkeanmogncgkfichm [2021-10-09]

CHR Extension: (NiftySplit) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjnlfillpnkgmjnhgklpjjlpjnfeil [2018-06-16]

CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-13]

CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-28]

CHR Extension: (AutoplayStopper) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddcgojdblidajhngkogefpkknnebdh [2022-02-28]

CHR Extension: (Don't bleep With Paste) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgllhigpcljnhoakjkgaieabnkmgdkb [2020-05-31]

CHR Extension: (Chrome Web Store Payments) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Profile: C:\Users\MEH\AppData\Local\Google\Chrome\User Data\System Profile [2022-05-01]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:

=======

OPR Profile: C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable [2022-05-01]

OPR StartupUrls: Opera Stable -> "hxxps://duckduckgo.com/"

OPR DefaultSuggestURL: Opera Stable -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list&t={opera:vpnClient}

OPR Extension: (Rich Hints Agent) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-03]

OPR Extension: (Opera Crypto Wallet) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-04-22]

OPR Extension: (WebRTC Leak Prevent) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjabaljgaabcnmcoalhaldkmcfbojkkb [2021-04-26]

OPR Extension: (Amazon Assistant Promotion) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [713656 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [1770424 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AVG Tools; C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe [460728 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [8413296 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [109480 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S4 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [204288 2012-08-02] (Broadcom Corporation) [File not signed]

S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)

S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)

S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2486272 2013-04-30] (Dell Inc.) [File not signed]

S4 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] (Wave Systems Corp. -> )

S4 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc. -> Invincea, Inc.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8347832 2022-05-01] (Malwarebytes Inc -> Malwarebytes)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]

S4 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]

S4 poaService; C:\Program Files\Dell\PPO\poaService.exe [641232 2013-07-19] (Techporch Incorporated -> Dell Inc.)

S4 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [277712 2013-07-19] (Techporch Incorporated -> Dell Inc.)

S4 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [516304 2013-07-19] (Techporch Incorporated -> Dell Inc.)

S4 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] (Invincea, Inc. -> )

S4 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]

S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-28] (Microsoft Windows -> Microsoft Corporation)

R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

S4 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp. -> Wave Systems Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1579520 2013-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [222240 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [372336 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250456 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99432 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41480 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [184768 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [539120 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2018-11-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107976 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83040 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [852352 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [557784 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [214496 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [316752 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-16] (Emsisoft GmbH -> Emsisoft GmbH)

R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [48464 2015-06-19] (Dell Inc. -> Dell Inc.)

R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2013-04-29] (Techporch Incorporated -> Dell Computer Corporation)

R1 epp64; C:\EEK\bin\epp64.sys [136456 2018-10-27] (Emsisoft Ltd -> Emsisoft GmbH)

S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] (Invincea, Inc. -> )

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [80384 2010-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)

R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)

R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2013-07-19] (Techporch Incorporated -> Dell Computer Corporation)

R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation -> Corel Corporation)

S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] (Invincea, Inc. -> )

S3 NTIOLib_DVDSetup; \??\F:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-01 19:43 - 2022-05-01 19:44 - 000030777 _____ C:\Users\MEH\Downloads\FRST.txt

2022-05-01 19:35 - 2022-05-01 19:35 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\FRST64(1).exe

2022-05-01 19:33 - 2022-05-01 19:33 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\FRST64.exe

2022-05-01 19:30 - 2022-05-01 19:30 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\Unconfirmed 516431.crdownload

2022-05-01 13:51 - 2022-05-01 19:37 - 000005014 _____ C:\Windows\system32\Tasks\WSCEAA

2022-04-21 10:37 - 2022-04-21 10:37 - 000128848 _____ C:\Users\MEH\Downloads\Minnesota Urology_20220421.pdf

2022-04-18 17:30 - 2022-04-18 17:30 - 000002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk

2022-04-18 17:30 - 2022-04-18 17:30 - 000002166 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk

2022-04-09 16:08 - 2022-04-09 16:08 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla

2022-04-09 16:08 - 2022-04-09 16:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-01 19:43 - 2014-11-14 19:10 - 000000000 ____D C:\FRST

2022-05-01 19:34 - 2014-05-11 05:53 - 000000000 ____D C:\Program Files (x86)\Google

2022-05-01 19:31 - 2016-11-17 18:09 - 000000000 ____D C:\Users\MEH\AppData\LocalLow\Mozilla

2022-05-01 17:47 - 2017-01-15 21:07 - 000000000 ____D C:\Program Files\CCleaner

2022-05-01 15:48 - 2014-11-16 06:25 - 000000000 ____D C:\EEK

2022-05-01 15:39 - 2021-10-27 05:21 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

2022-05-01 15:39 - 2021-08-07 00:53 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2022-05-01 15:39 - 2020-09-27 19:21 - 000001962 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2022-05-01 15:39 - 2020-01-24 06:28 - 000001950 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2022-05-01 15:38 - 2020-01-24 06:28 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

2022-05-01 15:38 - 2017-12-23 17:02 - 000000000 ____D C:\Program Files\Malwarebytes

2022-05-01 15:38 - 2014-04-29 21:07 - 000000000 ____D C:\ProgramData\Malwarebytes

2022-05-01 15:19 - 2014-04-29 18:39 - 000000000 ____D C:\Users\MEH\Documents\Word

2022-05-01 14:00 - 2009-07-13 23:45 - 000034832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2022-05-01 14:00 - 2009-07-13 23:45 - 000034832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2022-05-01 13:55 - 2009-07-14 00:13 - 000783790 _____ C:\Windows\system32\PerfStringBackup.INI

2022-05-01 13:55 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf

2022-05-01 13:48 - 2016-10-25 17:37 - 000000000 ____D C:\ProgramData\Avg

2022-05-01 13:47 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2022-05-01 13:46 - 2019-12-07 21:15 - 000065536 _____ C:\Windows\system32\spu_storage.bin

2022-05-01 02:00 - 2014-06-12 13:04 - 000000000 ____D C:\Users\MEH\AppData\Local\Adobe

2022-04-29 04:31 - 2020-07-06 19:08 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2022-04-29 04:31 - 2020-07-06 19:08 - 000002184 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2022-04-28 01:40 - 2017-10-02 04:53 - 000003174 _____ C:\Windows\system32\Tasks\HPCeeScheduleForMEH

2022-04-28 01:40 - 2017-10-02 04:53 - 000000324 _____ C:\Windows\Tasks\HPCeeScheduleForMEH.job

2022-04-25 15:17 - 2017-08-25 20:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

2022-04-25 15:17 - 2014-03-15 16:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2022-04-21 12:31 - 2018-12-13 21:15 - 000004080 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1544753743

2022-04-21 10:56 - 2021-10-21 10:55 - 000004310 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1582400741

2022-04-20 04:29 - 2014-05-11 05:53 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA

2022-04-20 04:29 - 2014-05-11 05:53 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

2022-04-18 17:30 - 2014-05-11 05:53 - 000000000 ____D C:\Program Files\Google

2022-04-14 20:29 - 2017-05-30 07:04 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2022-04-14 20:29 - 2017-05-30 07:04 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2022-04-13 15:01 - 2015-07-15 13:07 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2022-04-09 22:24 - 2020-07-06 19:01 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2022-04-09 22:24 - 2020-07-06 19:01 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2022-04-09 16:08 - 2014-03-15 16:07 - 000000000 ____D C:\ProgramData\Mozilla

2022-04-09 11:33 - 2019-12-07 21:13 - 000003346 _____ C:\Windows\system32\Tasks\AMD ThankingURL

2022-04-09 11:33 - 2018-08-25 14:15 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software

2022-04-09 11:33 - 2018-01-24 21:12 - 000003468 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0-Precision-T3600-MEH

2022-04-09 11:33 - 2017-11-15 06:40 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update

2022-04-09 11:33 - 2017-06-24 06:48 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update

2022-04-09 11:33 - 2017-04-02 20:07 - 000003316 _____ C:\Windows\system32\Tasks\PinItAutoUpdate

2022-04-09 11:33 - 2017-01-15 21:07 - 000002800 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC

2022-04-09 11:33 - 2014-12-25 07:16 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task

2022-04-09 11:33 - 2014-06-08 13:11 - 000003512 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-Precision-T3600-MEH

==================== Files in the root of some directories ========

2016-08-04 13:38 - 2016-08-04 13:38 - 000000132 _____ () C:\Users\MEH\AppData\Roaming\Adobe GIF Format CS5 Prefs

2018-10-07 17:25 - 2022-01-08 09:10 - 000000132 _____ () C:\Users\MEH\AppData\Roaming\Adobe PNG Format CS5 Prefs

2018-09-22 13:00 - 2018-09-22 13:00 - 000308274 _____ () C:\Users\MEH\AppData\Local\ars.cache

2018-09-22 13:00 - 2018-09-22 13:00 - 000589594 _____ () C:\Users\MEH\AppData\Local\census.cache

2018-09-22 12:24 - 2018-09-22 12:24 - 000000036 _____ () C:\Users\MEH\AppData\Local\housecall.guid.cache

2018-09-27 16:17 - 2018-09-27 16:17 - 000000000 _____ () C:\Users\MEH\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2022-04-27 00:23

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022

Ran by MEH (01-05-2022 19:44:22)

Running from C:\Users\MEH\Downloads

Microsoft Windows 7 ProfessionalService Pack 1 (X64) (2014-03-15 17:07:50)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4144036370-3246485623-2860655430-500 - Administrator - Disabled)

Guest (S-1-5-21-4144036370-3246485623-2860655430-501 - Limited - Enabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-4144036370-3246485623-2860655430-1002 - Limited - Enabled)

MEH (S-1-5-21-4144036370-3246485623-2860655430-1000 - Administrator - Enabled) => C:\Users\MEH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

AS: AVG Antivirus (Disabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)

Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.3.203 - Adobe Systems, Inc.)

Amazon Kindle (HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12.1 - Advanced Micro Devices, Inc.)

AVG Internet Security (HKLM\...\AVG Antivirus) (Version: 21.9.3208 - AVG Technologies)

Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{7AA348CE-190E-416B-839E-68E33CFEB580}) (Version: 15.4.14.1 - Broadcom Corporation)

CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)

Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)

cloudLibrary 2.3 (HKLM-x32\...\cloudLibrary) (Version: 2.3 - Bibliotheca)

CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.1.0 - Ursa Minor Ltd)

Custom (HKLM\...\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}) (Version: 01.00.00.002 - Wave Systems Corp.) Hidden

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)

Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Precision Performance Optimizer (HKLM-x32\...\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8}) (Version: 01.07.00 - Dell Inc.)

Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)

DellAccess (HKLM\...\{20A4AA32-B3FF-4A0B-853C-ACDDCD6CB344}) (Version: 01.03.00.078 - Wave Systems Corp.) Hidden

EMBASSY Client Core (HKLM\...\{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}) (Version: 01.03.00.123 - Wave Systems Corp.) Hidden

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:- Seiko Epson Corporation)

ERAS Connector (HKLM\...\{D46BCA58-0AF7-4455-8017-34CE3FEEE808}) (Version: 02.09.05.0335 - Wave Systems Corp) Hidden

FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)

Gemalto (HKLM\...\{91CE5F03-3A2A-4268-935A-04944F058AE9}) (Version: 01.64.01.0010 - Wave Systems Corp) Hidden

GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto) Hidden

Google Analytics Opt-out Browser Add-on (HKLM\...\{381243CE-484C-4DD1-9F0C-0B117AE4D5C1}) (Version: 0.9.7.0 - Google Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC)

Google Earth Pro (HKLM\...\{C36E66A6-6EE5-47DB-945F-A6F03225D540}) (Version: 7.3.4.8573 - Google)

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)

Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)

Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)

Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.7.0.1092 - Intel Corporation)

Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)

Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Malwarebytes version 4.5.8.191 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.8.191 - Malwarebytes)

Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 101.0.1210.32 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0 (x64 en-US)) (Version: 99.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Opera Stable 85.0.4341.75 (HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Opera 85.0.4341.75) (Version: 85.0.4341.75 - Opera Software)

OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)

PBA Driver-x64 (HKLM\...\{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}) (Version: 1.0.1.8 - Dell Inc.) Hidden

Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)

Preboot Manager (HKLM\...\{59ACD2BB-FC62-4427-81D2-618CF81A2A32}) (Version: 03.05.00.043 - Wave Systems Corp.) Hidden

Private Information Manager (HKLM\...\{A90F92B7-3C3F-4AEF-B281-31DD17BB73CA}) (Version: 07.03.00.032 - Wave Systems Corp.) Hidden

PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden

RealDownloader (HKLM-x32\...\{410F406E-7AFC-4E9F-BF7E-0CB3C72BDAB9}) (Version: 18.1.5.699 - RealNetworks, Inc.) Hidden

RealDownloader (HKLM-x32\...\{4e8ca438-78fb-4658-ac5b-2d128f60c54e}) (Version: 18.1.5.699 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5890 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)

Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:- Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

SI TSS (HKLM\...\{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}) (Version: 2.1.41 - Security Innovation) Hidden

SPBA (WBF) 5.9 (HKLM\...\{DD317AA5-F0EF-480F-9501-507712B5E0B6}) (Version: 5.9.7.7232 - Authentec Inc.) Hidden

swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

toolkit32for64bit (HKLM-x32\...\{CB63285D-990D-4207-AE31-000025626917}) (Version: 7.70.13.0001 - Wave Systems Corp) Hidden

Trusted Drive Manager (HKLM\...\{236EBEF4-8DE5-4E0E-8FD0-27D94F772FF0}) (Version: 5.0.2.24 - Wave Systems Corp.) Hidden

UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden

vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden

Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Version: 1.0.0.0 - Realnetworks) Hidden

vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden

Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden

Wave Crypto Runtime 2.0.9.0 x64 (HKLM\...\{5F160A36-29D0-4AE0-986C-671A564BC0D4}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden

Wave Crypto Runtime 2.0.9.0 x86 (HKLM-x32\...\{29D07FB4-A026-4E1F-B9A2-8C9EC0E2FEBB}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden

Wave Infrastructure Installer (HKLM\...\{90DB5C39-360F-4187-9D56-E3B013CEEF73}) (Version: 07.70.13.0001 - Wave Systems Corp) Hidden

Wave Support Software Installer (HKLM\...\{86A9BBDF-9B6D-4E3D-810E-23C9079C6217}) (Version: 05.15.00.024 - Wave Systems Corp) Hidden

Webshots Desktop (HKLM-x32\...\Webshots Desktop_is1) (Version:- CNET Networks)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp. -> Wave Systems Corp.)

ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp. -> Wave Systems Corp.)

ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )

ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>-> No File

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-06] (Advanced Micro Devices, Inc.) [File not signed]

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated -> )

ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"CmdLineConsumer_WSCEAA\"",Filter="__EventFilter.Name=\"CmdLinefilter_WSCEAA\"::

WMI:subscription\__EventFilter->CmdLinefilter_WSCEAA::[Query => SELECT * FROM MSNdis_StatusMediaConnect]

WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]

WMI:subscription\CommandLineEventConsumer->CmdLineConsumer_WSCEAA::[CommandLineTemplate => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\\WSCEAA.exe -nic][WorkingDirectory => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\]

WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2017-12-06 19:26 - 2017-12-06 19:26 - 000155688 _____ (AMD PMP-PE CB Code Signer v20170331 -> Advanced Micro Devices, Inc.) [File not signed] C:\Windows\system32\amdihk64.dll

2013-11-15 00:47 - 2013-11-15 00:47 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll

2013-11-15 00:47 - 2013-11-15 00:47 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\MSVCP140.dll

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\ucrtbase.DLL

2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\VCRUNTIME140.dll

2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\VCRUNTIME140_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/

HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB

HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000 -> DefaultScope {404F5F50-8A0E-4007-B50F-2A7CE96CB1E7} URL =

SearchScopes: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000 -> {404F5F50-8A0E-4007-B50F-2A7CE96CB1E7} URL =

BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File

BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2019-04-04] (Google LLC -> Google, Inc.)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2019-04-04] (Google LLC -> Google, Inc.)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\juno.com -> juno.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\2mdn.net -> m1.2mdn.net

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\adbright.com -> ads.adbright.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\adbrite.com -> ads.adbrite.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\atdmt.com -> ad.atdmt.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\doubleclick.net -> ad.doubleclick.net

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\google-analytics.com -> google-analytics.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\googleadvervice.com -> googleadvervice.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\googlesyndication.com -> googlesyndication.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\paypopups.com -> paypopups.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\rmxads.com -> rmxads.com

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\tumri.net -> tumri.net

IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\yimg.com -> ads.yimg.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-11-15 17:15 - 2018-12-03 11:19 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts

2015-06-23 07:14 - 2015-06-23 07:14 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Intel\Services\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Gemalto\Access Client\v5;C:\Program Files (x86)\Security Innovation\SI TSS\bin;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Common Files\Autodesk Shared\

HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MEH\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp

HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeActiveFileMonitor12.0 => 2

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeUpdateService => 3

MSCONFIG\Services: AGMService => 2

MSCONFIG\Services: AGSService => 2

MSCONFIG\Services: AMD External Events Utility => 3

MSCONFIG\Services: BrcmMgmtAgent => 2

MSCONFIG\Services: DellDataVault => 3

MSCONFIG\Services: EmbassyService => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: IAStorDataMgrSvc => 2

MSCONFIG\Services: Intel® PROSet Monitoring Service => 2

MSCONFIG\Services: InvProtectSvc => 3

MSCONFIG\Services: jhi_service => 2

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: PbaDrvSvc_x64 => 2

MSCONFIG\Services: poaService => 2

MSCONFIG\Services: PoaSMSrv => 2

MSCONFIG\Services: poaTaServ => 2

MSCONFIG\Services: SboxSvc => 3

MSCONFIG\Services: SecureStorageService => 3

MSCONFIG\Services: tcsd_win32.exe => 2

MSCONFIG\Services: TdmService => 2

MSCONFIG\Services: UNS => 2

MSCONFIG\Services: Wave Authentication Manager Service => 2

MSCONFIG\Services: WvPCR => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^MEH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk => C:\Windows\pss\Webshots.lnk.Startup

MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"

MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: DellPoaEvents => C:\Program Files\Dell\PPO\DellPoaEvents.exe

MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe

MSCONFIG\startupreg: NUSB3MON => "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

MSCONFIG\startupreg: Opera Browser Assistant => C:\Users\MEH\AppData\Local\Programs\Opera\assistant\browser_assistant.exe

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{8391D894-0B9C-4407-A9C9-60AB7ADA451D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E47325C9-CDE2-450B-9396-7A9D86C145CB}] => (Allow) LPort=2869

FirewallRules: [{73DB5D30-4F8A-4F30-B3C9-2FC67FA9F1B4}] => (Allow) LPort=1900

FirewallRules: [{076F0951-B5C3-437B-AF88-C096F9FBA359}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{DBF65BEF-6C63-45A9-B050-FAAA4113F253}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{56491988-FE67-49DB-B9EB-6A2B083887E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{7D1AD8E0-8A53-4AD2-BB42-AEF7C55797BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{B02375BB-3A42-4297-A339-F972E8D7351D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)

FirewallRules: [{EDC49DDE-F6B7-413A-A119-BDA1FE332B6F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)

FirewallRules: [{B4C2CF95-14A1-47BB-8229-5B8EC972EA13}] => (Block) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{021329CB-0B39-4AE9-9ABB-09A04F713A0F}] => (Block) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

FirewallRules: [{32A841FD-C766-43A3-863A-78098975ECF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

15-04-2022 00:00:01 Scheduled Checkpoint

23-04-2022 00:00:00 Scheduled Checkpoint

30-04-2022 00:00:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: ========================

Application errors:

==================

Error: (05/01/2022 07:46:17 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/01/2022 07:46:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42

Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8

Exception code: 0xc0000005

Fault offset: 0x000000000001ad88

Faulting process id: 0x2b00

Faulting application start time: 0x01d85dbcc1a4bdb7

Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe

Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll

Report Id: 46051d0c-c9b1-11ec-82d8-000af72c30e1

Error: (05/01/2022 07:37:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42

Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8

Exception code: 0xc0000005

Fault offset: 0x000000000001ad88

Faulting process id: 0x21d4

Faulting application start time: 0x01d85dbb7da1b9be

Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe

Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll

Report Id: ff20d252-c9af-11ec-82d8-000af72c30e1

Error: (05/01/2022 07:28:05 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42

Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8

Exception code: 0xc0000005

Fault offset: 0x000000000001ad88

Faulting process id: 0x22e4

Faulting application start time: 0x01d85dba395c561d

Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe

Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll

Report Id: bb228935-c9ae-11ec-82d8-000af72c30e1

Error: (05/01/2022 07:19:01 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42

Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8

Exception code: 0xc0000005

Fault offset: 0x000000000001ad88

Faulting process id: 0x22a0

Faulting application start time: 0x01d85db8f51b890c

Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe

Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll

Report Id: 76e2caf9-c9ad-11ec-82d8-000af72c30e1

Error: (05/01/2022 07:09:57 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42

Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8

Exception code: 0xc0000005

Fault offset: 0x000000000001ad88

Faulting process id: 0x194

Faulting application start time: 0x01d85db7b0de8edf

Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe

Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll

Report Id: 32a1fde8-c9ac-11ec-82d8-000af72c30e1

Error: (05/01/2022 07:00:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42

Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8

Exception code: 0xc0000005

Fault offset: 0x000000000001ad88

Faulting process id: 0x18d8

Faulting application start time: 0x01d85db66ca2642f

Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe

Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll

Report Id: ee62a25b-c9aa-11ec-82d8-000af72c30e1

Error: (05/01/2022 06:51:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42

Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8

Exception code: 0xc0000005

Fault offset: 0x000000000001ad88

Faulting process id: 0x3a8

Faulting application start time: 0x01d85db5286538e3

Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe

Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll

Report Id: aa24164a-c9a9-11ec-82d8-000af72c30e1

System errors:

=============

Error: (05/01/2022 07:47:16 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (05/01/2022 03:48:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The cleanhlp service failed to start due to the following error:

Cannot create a file when that file already exists.

Error: (05/01/2022 01:57:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The cleanhlp service failed to start due to the following error:

Cannot create a file when that file already exists.

Error: (05/01/2022 01:54:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Security Center service terminated with the following error:

%%16389

Error: (05/01/2022 01:54:14 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (05/01/2022 01:50:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.It has done this 1 time(s).The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/01/2022 01:50:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (05/01/2022 01:49:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

and APPID

{344ED43D-D086-4961-86A6-1106F4ACAD9B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Windows Defender:

================

Event[0]:

Date: 2017-01-12 17:09:22.056

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted:Current

Error Code:0x80070002

Error description:The system cannot find the file specified.

Signature version:0.0.0.0

Engine version:0.0.0.0

==================== Memory info ===========================

BIOS: Dell Inc. A12 11/03/2013

Motherboard: Dell Inc. 08HPGT

Processor: Intel® Xeon® CPU E5-1620 0 @ 3.60GHz

Percentage of memory in use: 42%

Total physical RAM: 16341.69 MB

Available physical RAM: 9477.45 MB

Total Virtual: 32681.53 MB

Available Virtual: 23453.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:342.63 GB) NTFS

Drive d: (MEH) (Fixed) (Total:465.76 GB) (Free:362.78 GB) NTFS

\\?\Volume{c2ff78dd-6fab-11e3-bf1a-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.49 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4A3DDD73)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

==========================================================

Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4A3DDD04)

Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================