  #1  
August 2nd, 2021, 08:13 AM
EDO
Senior Member
 
Join Date: May 2004
Posts: 464
Running slow and programs slow to respond

I have a Dell table top computer. Lately it has been taking a long time to start a program. Many times when I open up a program it says "not responding" then loads up after a minute or so.

Appreciate your assistance

EDO


  #2  
August 2nd, 2021, 05:17 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,155
Howdy EDO,

Let's take a look.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  #3  
August 5th, 2021, 02:50 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,155
Do you need any help with running the scan or posting the logs?
  #4  
August 11th, 2021, 10:14 PM
EDO
Senior Member
 
Join Date: May 2004
Posts: 464
Frst #1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021
Ran by Ed (administrator) on THEOSUNAPC (Dell Inc. Inspiron 2350) (11-08-2021 13:56:12)
Running from C:\Users\Ed\Downloads
Loaded Profiles: Ed
Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard software\CDCtr.exe
() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\Ed\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\Ed\AppData\Local\Amazon Music\Amazon Music.exe <5>
(AOL Inc. -> AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1418490716\ee\aolsoftware.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <4>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(DELL INC.) [File not signed] C:\Program Files (x86)\Dell\DELLOSD\MediaButtons.exe
(DELL Inc.) [File not signed] C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Update Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Leader Technologies Inc -> Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Ed\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20090.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Webroot -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRCoreService.x64.exe
(Webroot -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSkyClient.x64.exe
(Webroot -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSvcHost.x64.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe <2>
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Wyse Technology Inc -> ) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

==================== Registry (All) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521472 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1409432 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1409432 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393200 2017-10-20] (Intel(R) pGFX -> )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2750536 2013-11-11] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [171320 2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [CDCtr] => C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard software\CDCtr.exe [412672 2011-10-07] () [File not signed]
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-10-07] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-03-25] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1418490716\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc. -> AOL Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [5555632 2021-06-29] (Webroot Inc. -> Webroot)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [34816 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4849904 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [4419176 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0
HKLM\...\Policies\Explorer: [NoRun] 0
HKLM\...\Policies\Explorer: [NoClose] 0
HKLM\...\Policies\Explorer: [StartMenuLogoff] 0
HKLM\...\Policies\Explorer: [NoResolveTrack] 0
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 0
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Run: [OneDrive] => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2332544 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Run: [Amazon Music Helper] => C:\Users\Ed\AppData\Local\Amazon Music\Amazon Music Helper.exe [2356312 2021-07-21] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Run: [Amazon Music] => C:\Users\Ed\AppData\Local\Amazon Music\Amazon Music.exe*滋䳹ᤀ蠀ऒp**띛***ࡵꎼḿޅ**䓔Ϝᛸǭ****䢴ۨ䢴ۨ********** ********************渴䰎ᨀ蠀C:\Progr
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoDrives] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoClose] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [StartMenuLogoff] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoResolveTrack] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoActiveDesktopChanges] 0
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\inetpp.dll [184320 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\system32\win32spl.dll [886272 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MX420 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAM.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon Pro9000 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD7U.DLL [27648 2007-07-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\winprint: C:\Windows\System32\spool\prtprocs\x64\winprint.dll [46080 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Appmon: C:\WINDOWS\system32\AppMon.dll [114688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX420 series: C:\WINDOWS\system32\CNCALAM.DLL [302080 2010-09-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX420 series: C:\WINDOWS\system32\CNMLMAM.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor Pro9000: C:\WINDOWS\system32\CNMLM7U.DLL [258560 2007-07-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Docudesk Monitor: C:\Windows\system32\ddmon4-64x.dll [35944 2013-06-17] (Docudesk -> )
HKLM\...\Print\Monitors\Local Port: C:\WINDOWS\system32\localspl.dll [1271296 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: C:\WINDOWS\system32\FXSMON.DLL [49152 2021-02-17] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Standard TCP/IP Port: C:\WINDOWS\system32\tcpmon.dll [225280 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\USB Monitor: C:\WINDOWS\system32\usbmon.dll [931328 2021-06-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\WSD Port: C:\WINDOWS\system32\APMon.dll [1487360 2021-06-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\setuphost.exe: [{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb] -> Windows Setup Remediations (x64) (KB4023057)
HKLM\Software\...\AppCompatFlags\Custom\setupprep.exe: [{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb] -> Windows Setup Remediations (x64) (KB4023057)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{5534e02f-0f5d-40dd-ba92-bea38d22384d}: [DatabasePath] -> C:\WINDOWS\AppPatch\Custom\Custom64\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\system32\unregmp2.exe [2019-12-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> C:\WINDOWS\system32\themeui.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\unregmp2.exe [2019-12-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> C:\WINDOWS\system32\shell32.dll [2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4383}] -> C:\Windows\System32\ie4uinit.exe [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\mscories.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-05] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe [2021-08-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\SysWOW64\unregmp2.exe [2019-12-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\SysWOW64\unregmp2.exe [2019-12-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\mscories.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{01A30791-40AE-4653-AB2E-FD210019AE88}] -> C:\WINDOWS\system32\mgmtrefreshcredprov.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{1b283861-754f-4022-ad47-a5eaaa618894}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{1ee7337f-85ac-45e2-a23c-37c753209769}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{2135f72a-90b5-4ed3-a7f1-8bb705ac276a}] -> C:\WINDOWS\system32\credprovslegacy.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{25CBB996-92ED-457e-B28C-4774084BD562}] -> C:\WINDOWS\system32\credprovs.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}] -> C:\WINDOWS\system32\TrustedSignalCredProv.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{2D8B3101-E025-480D-917C-835522C7F628}] ->
HKLM\Software\...\Authentication\Credential Providers: [{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}] -> C:\WINDOWS\system32\credprovs.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{48B4E58D-2791-456C-9091-D524C6C706F2}] -> C:\Windows\System32\devicengccredprov.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{600e7adb-da3e-41a4-9225-3c0399e88c0c}] -> C:\WINDOWS\system32\cngcredui.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}] -> C:\WINDOWS\system32\credprovs.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\System32\FaceCredentialProvider.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{8FD7E19C-3BF7-489B-A72C-846AB3678C96}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{94596c7e-3744-41ce-893e-bbf09122f76a}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{A910D941-9DA9-4656-8933-AA1EAE01F76E}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Providers: [{BEC09223-B018-416D-A0AC-523971B639F5}] -> C:\WINDOWS\System32\BioCredProv.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C5D7540A-CD51-453B-B22B-05305BA03F07}] -> C:\Windows\System32\cxcredprov.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\System32\FaceCredentialProvider.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{cb82ea12-9f71-446d-89e1-8d0924e1256e}] -> C:\WINDOWS\system32\credprovslegacy.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{D6886603-9D2F-4EB2-B667-1971041FA96B}] -> C:\Windows\System32\ngccredprov.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}] -> C:\WINDOWS\system32\certCredProvider.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\WINDOWS\system32\wlidcredprov.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{F8A1793B-7873-4046-B2A7-1F318747F427}] -> C:\WINDOWS\system32\fidocredprov.dll [2021-03-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Provider Filters: [{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}] -> C:\WINDOWS\system32\credprovs.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\PLAP Providers: [{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}] -> C:\WINDOWS\system32\rasplap.dll [2021-03-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] -> C:\WINDOWS\system32\wlgpclnt.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{16be69fa-4209-4250-88cb-716cf41954e0}] -> C:\WINDOWS\system32\auditcse.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{25537BA6-77A8-11D2-9B6C-0000F8080861}] -> C:\WINDOWS\system32\fdeploy.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] -> C:\WINDOWS\System32\dskquota.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] -> C:\WINDOWS\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4bcd6cde-777b-48b6-9804-43568e23545d}] -> C:\WINDOWS\System32\TsUsbRedirectionGroupPolicyExtension.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] -> C:\Windows\System32\iedkcs32.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}] -> C:\Windows\System32\tsworkspace.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4d968b55-cac2-4ff5-983f-0a54603781a3}] -> C:\WINDOWS\system32\WorkFoldersGPExt.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7909AD9E-09EE-4247-BAB9-7029D5F0A278}] -> C:\WINDOWS\system32\dmenrollengine.dll [2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7933F41E-56F8-41d6-A31C-4148A711EE93}] -> C:\WINDOWS\System32\srchadmin.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7B849a69-220F-451E-B3FE-2CB811AF94AE}] -> C:\Windows\System32\iedkcs32.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] -> C:\WINDOWS\system32\scecli.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{8A28E2C5-8D06-49A4-A08C-632DAA493E17}] -> C:\WINDOWS\system32\gpprnext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] -> C:\WINDOWS\system32\dot3gpclnt.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}] -> C:\WINDOWS\system32\pwlauncher.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C34B2751-1CF4-44F5-9262-C3FC39666591}] -> C:\WINDOWS\system32\pwlauncher.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}] -> C:\WINDOWS\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] -> C:\Windows\System32\iedkcs32.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}] -> C:\WINDOWS\system32\domgmt.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{e437bc1c-aa7d-11d2-a382-00c04f991e27}] -> C:\WINDOWS\System32\polstore.dll [2021-05-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{f3ccc681-b74c-4060-9f26-cd84525dca2a}] -> C:\WINDOWS\system32\auditcse.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{FB2CA36D-0B40-4307-821B-A13B252DE56C}] -> C:\WINDOWS\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}] -> C:\WINDOWS\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-12-11]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
BootExecute: autocheck autochk *
AlternateShell: cmd.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FACD921-A746-4483-9F1B-8CAFC2506744} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [30912 2018-03-20] (Rivet Networks LLC -> DELL)
Task: {15910A5B-E8E6-4B94-ACF8-5036E817F426} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {203B35C4-7190-4030-A461-A9EC3B677FFE} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1409432 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {2749BF2E-8E5E-4EF5-A9AE-01858E55F90E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {281380EB-6887-4BBF-8B52-76C34B7AEC6C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {2DA6EE67-CF74-484E-9E22-5D734066C9F6} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {364AC615-5EAC-4D23-99C9-1DA483BA26CB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [435672 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
Task: {515472BB-4661-41D6-832F-C7826ED6054D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {5501D686-147F-492F-B06B-CE54649ACC11} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [4950328 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {6AB27D2A-D5C9-4DE9-B74E-4F4793F019B4} - System32\Tasks\PCDDataUploadTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {76BE5BF3-5331-4905-B12D-E789B15D373B} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} -
  #5  
August 11th, 2021, 10:15 PM
EDO
Senior Member
 
Join Date: May 2004
Posts: 464
Frst #2

System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8D94727F-5E8E-4696-80AD-4B68BD8A8F29} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [17200 2013-08-22] (Wyse Technology Inc -> )
Task: {8E40AD82-12A0-4523-8176-1B8813CB15A2} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {9457B8C0-784A-4C3E-88F0-602408251BF1} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
Task: {9682121B-D9B8-4A9D-BE6D-D1B942EA39F6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-07-17] (Dell Inc -> Dell Inc.)
Task: {B25F03A6-2C87-441A-B143-9059BAF1810F} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
Task: {BDFDD787-F2C3-4AE7-ABFB-5C92BC1FBE0F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D52DAD61-A9E8-4ECF-9D60-853313B44058} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [713008 2013-08-22] (Wyse Technology Inc -> )
Task: {DF8AB0AC-9A2F-4B70-88C0-51FB02590D54} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {E605B462-C23B-4183-8A63-37305F10A57A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {FDE5167A-2CCF-4B65-B96B-E79860721AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{459d13af-9b75-4a43-b05f-855e141de95f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{48adc69b-9fb3-4197-9efc-8e100029ad8d}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Ed\Downloads
Edge Notifications: HKU\S-1-5-21-218343863-661377091-144714471-1001 -> hxxps://www.aol.com; hxxps://www.facebook.com; hxxps://sugarfreelondoner.com; hxxps://www.instagram.com; hxxps://filmora.wondershare.net; hxxps://mail.google.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (Web Threat Shield) -> EdgeExtension_68D6D712WebrootWebThreatShieldUWPEdge_3n9w82bea0x6e => C:\Program Files\WindowsApps\68D6D712.Webroot.WebThreatShield.UWP.Edge_1.10.20077.0_x64__3n9w82bea0x6e [2020-03-26]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ed\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-11]
Edge DownloadDir: Default -> C:\Users\Ed\Downloads
Edge Notifications: Default -> hxxps://filmora.wondershare.net; hxxps://mail.google.com; hxxps://sugarfreelondoner.com; hxxps://www.aol.com; hxxps://www.calafiaairlines.com; hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.shopcrush.com; hxxps://www.volaris.com
Edge Extension: (Web Threat Shield) - C:\Users\Ed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fmkaflbamgddpjacdmjlkhbnpnlemaea [2021-03-05]
Edge Extension: (Capital One Shopping: Add to Edge for free) - C:\Users\Ed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2021-08-05]

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2017-10-17] (CANON INC.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-23] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default [2021-08-10]
CHR Notifications: Default -> hxxps://drive.google.com; hxxps://www.facebook.com; hxxps://www.instagram.com
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR Extension: (Slides) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-30]
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (*******) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-12-08]
CHR Extension: (Sheets) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Full Screen Weather) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-01]
CHR Extension: (Google Play Music) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07]
CHR Extension: (Surfer Girl) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhajakjmgifbldiijjjldlebmjljoib [2019-05-16]
CHR Extension: (Google Maps) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-20]
CHR Extension: (AVG Secure Search) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2020-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-24]
CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-10]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [625976 2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe [374072 2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [8297584 2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [109480 2021-05-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3834400 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-07-13] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-05] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell WMI Service; C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe [73728 2013-11-19] () [File not signed]
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-05-27] (Dell Inc -> )
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Techporch Incorporated -> Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-07-24] (HP Inc. -> HP Inc.)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-04-29] (Malwarebytes Inc -> Malwarebytes)
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (Rivet Networks LLC -> CloudBees, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (Dell Inc. -> SoftThinks SAS)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks LLC -> Rivet Networks)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-07-17] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [1776776 2021-05-14] (Webroot -> Webroot, Inc.)
R2 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [3115544 2021-05-14] (Webroot -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [5555632 2021-06-29] (Webroot Inc. -> Webroot)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] (Wyse Technology Inc -> )
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [34416 2017-06-20] (Anvsoft Inc. -> AnvSoft Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35848 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [219104 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [367696 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [250448 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [99440 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [17336 2021-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R3 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41504 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [184768 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [559960 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [108552 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83064 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [851864 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [472072 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215536 2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [328720 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-29] (Martin Malik - REALiX -> REALiX(tm))
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-01] (Malwarebytes Inc -> Malwarebytes)
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 wanatw; C:\WINDOWS\System32\drivers\wanatw64.sys [24064 2006-11-29] (Microsoft Windows Hardware Compatibility Publisher -> America Online, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 WRBoot; C:\WINDOWS\System32\drivers\WRBoot.sys [15800 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> )
R1 WRCore; C:\Program Files\Webroot\Core\WRCore.x64.sys [331200 2021-04-21] (Webroot, Inc -> Webroot, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [149224 2020-01-22] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [58304 2020-05-27] (Webroot, Inc -> Webroot)
U3 avgbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-11 13:56 - 2021-08-11 14:00 - 000049110 _____ C:\Users\Ed\Downloads\FRST.txt
2021-08-11 13:52 - 2021-08-11 13:58 - 000000000 ____D C:\FRST
2021-08-11 13:50 - 2021-08-11 13:51 - 002300416 _____ (Farbar) C:\Users\Ed\Downloads\FRST64.exe
2021-08-11 13:49 - 2021-08-11 13:48 - 000184357 _____ C:\Users\Ed\Desktop\Pension Period.jpeg
2021-08-11 13:43 - 2021-08-11 13:43 - 000188818 _____ C:\Users\Ed\Desktop\Bank Statement.jpeg
2021-08-11 13:19 - 2021-08-11 13:17 - 000340280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-08-11 13:18 - 2021-08-11 13:17 - 000215544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswaba076af73e4403c.tmp
2021-08-11 12:48 - 2021-08-11 12:47 - 000652807 _____ C:\Users\Ed\Desktop\Insurance Declaration page.jpeg
2021-08-11 12:46 - 2021-08-11 13:48 - 000000000 ___RD C:\Users\Ed\Documents\Scanned Documents
2021-08-11 12:46 - 2021-08-11 12:46 - 000000000 ____D C:\Users\Ed\Documents\Fax
2021-08-11 12:01 - 2021-08-11 12:01 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-11 11:59 - 2021-08-11 11:59 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-11 11:59 - 2021-08-11 11:59 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-11 11:59 - 2021-08-11 11:59 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-11 11:58 - 2021-08-11 11:58 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-11 11:58 - 2021-08-11 11:58 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-11 11:57 - 2021-08-11 11:57 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-11 11:01 - 2021-08-11 11:01 - 000000000 ___HD C:\$WinREAgent
2021-08-07 10:57 - 2021-08-07 10:57 - 000013447 _____ C:\Users\Ed\Downloads\ed_osuna_transactions_7.9.xlsx
2021-08-06 09:20 - 2021-03-15 17:12 - 000832635 _____ C:\Users\Ed\Desktop\Eds 2019 Tax Return.pdf
2021-08-05 13:12 - 2021-08-05 13:12 - 000211220 _____ C:\Users\Ed\Downloads\davis brookline UO Review.pdf
2021-08-05 13:09 - 2021-08-05 13:09 - 000227877 _____ C:\Users\Ed\Downloads\davis brookline Buyer addendum Review.pdf
2021-08-05 13:08 - 2021-08-05 13:08 - 000243004 _____ C:\Users\Ed\Downloads\Davis P S Draft 3 Review.pdf
2021-08-03 12:20 - 2021-08-03 12:20 - 000237897 _____ C:\Users\Ed\Downloads\Schwab June 5501-Osuna.pdf
2021-08-03 11:03 - 2021-08-03 11:03 - 000241690 _____ C:\Users\Ed\Downloads\Davis P S Draft.pdf
2021-08-03 06:50 - 2021-08-03 06:50 - 000152352 _____ C:\Users\Ed\Downloads\Pension-Ed.pdf
2021-08-03 06:44 - 2021-08-03 06:44 - 000088780 _____ C:\Users\Ed\Downloads\Chase Bank Trust-Donna.pdf
2021-08-03 06:40 - 2021-07-09 08:55 - 000052029 _____ C:\Users\Ed\Downloads\Donnas Social Security.pdf
2021-08-03 06:31 - 2021-07-04 12:59 - 000683370 _____ C:\Users\Ed\Downloads\DonnaOsuna Est IRA Mass.pdf
2021-08-03 06:24 - 2021-08-03 06:24 - 000156501 _____ C:\Users\Ed\Downloads\Schwab IRA-Donna.pdf
2021-08-03 06:23 - 2021-08-03 06:23 - 000158981 _____ C:\Users\Ed\Downloads\Schwab Inherit IRA-Donna.pdf
2021-08-03 06:22 - 2021-08-03 06:22 - 000188236 _____ C:\Users\Ed\Downloads\Schwab Invest-Osuna.pdf
2021-08-03 06:21 - 2021-08-03 06:21 - 000163327 _____ C:\Users\Ed\Downloads\Schwab IRA-Ed.pdf
2021-08-03 06:19 - 2021-08-03 06:20 - 000282094 _____ C:\Users\Ed\Downloads\Royal Alliance-Osuna.pdf
2021-08-03 06:18 - 2021-08-03 06:18 - 000147391 _____ C:\Users\Ed\Downloads\Jackson IRA-Donna.pdf
2021-08-03 06:17 - 2021-08-03 06:17 - 000153169 _____ C:\Users\Ed\Downloads\Jackson IRA-Ed.pdf
2021-08-03 06:15 - 2021-08-03 06:15 - 000013797 _____ C:\Users\Ed\Downloads\Pentagon Credit Union-Osuna.PDF
2021-08-03 06:11 - 2021-08-03 06:11 - 002381032 _____ C:\Users\Ed\Downloads\Eagle Credit Union-DonnaPDF.PDF
2021-08-03 06:10 - 2021-08-03 06:10 - 002373012 _____ C:\Users\Ed\Downloads\Eagle Credit Union-Ed.PDF
2021-08-03 06:08 - 2021-08-03 06:08 - 000023799 _____ C:\Users\Ed\Downloads\Union Bank-Osuna.pdf
2021-08-01 23:59 - 2021-06-29 05:43 - 000159864 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-07-14 12:56 - 2021-07-14 12:56 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-14 12:56 - 2021-07-14 12:56 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-14 12:56 - 2021-07-14 12:56 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-14 12:56 - 2021-07-14 12:56 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-11 14:00 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-11 13:43 - 2014-12-08 14:09 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-11 13:40 - 2014-09-01 17:36 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2021-08-11 13:33 - 2014-12-08 15:07 - 000000000 ___RD C:\Users\Ed\OneDrive
2021-08-11 13:32 - 2020-12-06 17:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-11 13:32 - 2020-03-24 17:14 - 000000000 ____D C:\Users\Ed\AppData\Local\Amazon Music
2021-08-11 13:30 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-11 13:30 - 2017-09-15 10:53 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-08-11 13:30 - 2016-03-14 09:23 - 000000000 __SHD C:\Users\Ed\IntelGraphicsProfiles
2021-08-11 13:20 - 2020-12-06 17:48 - 000004004 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-08-11 13:19 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-11 13:17 - 2020-10-14 00:13 - 000184768 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-08-11 13:17 - 2020-06-19 17:15 - 000559960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-08-11 13:17 - 2019-01-06 09:57 - 000250448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-08-11 13:17 - 2019-01-06 09:57 - 000099440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-08-11 13:17 - 2018-11-03 12:58 - 000041504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-08-11 13:17 - 2018-07-18 08:37 - 000017336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2021-08-11 13:17 - 2017-10-07 12:09 - 000472072 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-08-11 13:17 - 2017-10-07 12:09 - 000328720 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-08-11 13:17 - 2017-10-07 12:09 - 000108552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-08-11 13:17 - 2017-10-07 12:09 - 000083064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-08-11 13:16 - 2019-01-14 14:29 - 000367696 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-08-11 13:16 - 2019-01-06 09:57 - 000035848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2021-08-11 13:16 - 2017-11-27 19:32 - 000219104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-08-11 13:16 - 2017-10-07 12:09 - 000851864 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-08-11 13:13 - 2020-12-06 17:25 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-11 13:13 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-11 13:09 - 2017-10-07 12:04 - 000000000 ____D C:\ProgramData\Avg
2021-08-11 13:09 - 2015-06-09 18:08 - 000000000 ____D C:\ProgramData\WRData
2021-08-11 13:08 - 2020-12-06 17:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-11 13:08 - 2020-12-06 16:59 - 000445656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-11 13:08 - 2017-09-15 11:10 - 000000790 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2021-08-11 13:08 - 2015-06-09 18:09 - 000277528 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2021-08-11 13:08 - 2015-06-09 18:09 - 000229008 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2021-08-11 13:07 - 2020-12-06 16:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-11 13:06 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-11 13:02 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-11 13:02 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-11 13:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-11 13:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-11 13:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-11 13:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-11 13:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-11 13:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-11 13:02 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-11 12:51 - 2014-12-30 09:17 - 000000000 ____D C:\Users\Ed\AppData\Local\CrashDumps
2021-08-11 12:13 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-11 10:56 - 2014-12-11 18:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-11 10:52 - 2014-12-11 18:23 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-11 08:47 - 2020-12-06 17:48 - 000004146 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{585E07E5-E9A4-4A12-ABCE-CD66CB4101FF}
2021-08-10 15:36 - 2014-12-15 19:30 - 000000000 ____D C:\Users\Ed\Documents\Donna's Documents
2021-08-09 15:51 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-09 14:46 - 2018-02-28 20:03 - 000000000 ____D C:\Users\Ed\AppData\Local\Packages
2021-08-07 10:20 - 2020-07-08 19:56 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-07 10:20 - 2020-07-08 19:56 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-08-05 10:55 - 2017-03-07 12:58 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-05 10:55 - 2014-12-08 14:10 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-05 10:46 - 2020-12-06 17:48 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-218343863-661377091-144714471-1001
2021-08-05 10:46 - 2020-12-05 21:56 - 000002410 _____ C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-05 10:36 - 2020-12-06 17:48 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-05 10:36 - 2020-12-06 17:48 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-03 12:40 - 2014-09-01 17:33 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-08-03 12:35 - 2020-12-06 17:48 - 000003914 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-08-02 05:59 - 2020-03-24 17:15 - 000001284 _____ C:\Users\Ed\Desktop\Amazon Music.lnk
2021-07-31 20:21 - 2017-12-13 15:44 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-31 20:16 - 2021-01-11 17:30 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6cc2f5e0ef5d5
2021-07-31 20:16 - 2020-12-06 17:48 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-26 13:48 - 2021-05-13 16:32 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-07-24 11:32 - 2021-04-06 10:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2021-07-20 11:38 - 2018-06-21 10:05 - 000000000 ____D C:\Users\Ed\AppData\Local\PlaceholderTileLogoFolder
2021-07-15 00:21 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-15 00:21 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System

==================== Files in the root of some directories ========

2015-01-07 18:40 - 2015-05-30 08:08 - 010395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-02-06 16:48 - 2015-02-06 16:48 - 000000017 _____ () C:\Users\Ed\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2016-03-20 12:46 C:\System Recovery

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
  #6  
Old August 11th, 2021, 10:16 PM
EDO EDO is offline
Senior Member
 
Join Date: May 2004
Posts: 464
Addition #1

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2021
Ran by Ed (11-08-2021 14:03:09)
Running from C:\Users\Ed\Downloads
Windows 10 Home Version 21H1 19043.1165 (X64) (2020-12-07 00:51:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-218343863-661377091-144714471-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-218343863-661377091-144714471-503 - Limited - Disabled)
Ed (S-1-5-21-218343863-661377091-144714471-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-218343863-661377091-144714471-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-218343863-661377091-144714471-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-218343863-661377091-144714471-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {EA22F846-E33A-0128-9418-185509C86920}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
AS: Webroot SecureAnywhere (Enabled - Up to date) {514319A2-C500-0EA6-AEA8-2327724F239D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.4 (HKLM-x32\...\{AA5C80E7-8876-4026-A0D0-582D8EFBA2E1}) (Version: 4.4.7.2307 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Amazon Amazon Music) (Version: 8.7.0.2277 - Amazon.com Services LLC)
Any Video Converter Ultimate 6.2.5 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
AquaSoft DiaShow 10 Premium (HKLM-x32\...\AquaSoft DiaShow 10 Premium) (Version: 10.6.08.02125 - AquaSoft)
AquaSoft DiaShow 10 Ultimate (HKLM-x32\...\AquaSoft DiaShow 10 Ultimate) (Version: 10.5.13.01915 - AquaSoft)
Canon Camera Window for ZoomBrowser EX (HKLM-x32\...\InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}) (Version: 4.5.2 - Canon)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon EOS Kiss REBEL 300D WIA Driver (HKLM-x32\...\InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}) (Version: 5.1 - Canon)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version: - Canon Inc.)
Canon MX420 series User Registration (HKLM-x32\...\Canon MX420 series User Registration) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon PhotoRecord (HKLM-x32\...\{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}) (Version: 02.00.00029 - Cisra)
Canon Pro9000 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000) (Version: - )
Canon Pro9000 User Registration (HKLM-x32\...\Canon Pro9000 User Registration) (Version: - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}) (Version: 0.9.0 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}) (Version: 0.9.0 - Canon)
Canon Setup Utility 2.1 (HKLM-x32\...\Canon Setup Utility 2.1) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version: - )
Canon Utilities Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version: - )
Canon Utilities File Viewer Utility 1.3 (HKLM-x32\...\InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}) (Version: 1.3.2 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}) (Version: 3.1.10 - Canon)
Canon Utilities RemoteCapture 2.7 (HKLM-x32\...\InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}) (Version: 2.7.5 - Canon)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.05.01148 - CISRA)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core (HKLM\...\{4FF97BB8-1018-4FBD-B28E-D30A5F211ED8}) (Version: 1.2.1043 - Webroot) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell KM713 Wireless Keyboard software (HKLM-x32\...\{AF6CD1CF-11E8-4C9F-9644-1A469A499E50}) (Version: 1.0.3.120608 - Dell)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\{3A0ECCB6-1034-440E-8672-C4E14CCB7689}) (Version: 3.10.1.23 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.6 - DELL)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6448.1 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM-x32\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-218343863-661377091-144714471-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7599 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
RogueKiller version 12.13.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.4.0 - Adlice Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.21034.7 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.21034.7 - Samsung Electronics Co., Ltd.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
TurboTax Business 2020 (HKLM-x32\...\TurboTax Business 2020) (Version: 2020.0 - Intuit, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.30.75 - Webroot)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Wondershare Filmora9(Build 9.3.7) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-218343863-661377091-144714471-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Revel -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeRevel_1.5.101.6_x64__ynb6jyjzte8ga [2014-12-09] (Adobe Systems Incorporated)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-19] (Canon Inc.)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-28] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.4.0_x64__htrsf667h5kn2 [2021-08-11] (Dell Inc)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-12-09] (eBay, Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-24] (HP Inc.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-13] (Microsoft Corporation)
S Note -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.5297316B03CEE_5.2.3.0_x64__3c1yjt4zspk6g [2019-07-27] (Samsung Electronics Co. Ltd.)
SupportAssist Driver Update -> C:\Program Files\WindowsApps\DriverToaster_1.5.0.0_x86__rqs2nt378nwsp [2021-01-18] (Dell Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)
Webroot Web Threat Shield -> C:\Program Files\WindowsApps\68D6D712.Webroot.WebThreatShield.UWP.Edge_1.10.20077.0_x64__3n9w82bea0x6e [2020-03-26] (Webroot Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2021-08-11] (Webroot Inc. -> Webroot)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2021-08-11] (Webroot Inc. -> Webroot)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
ShortcutWithArgument: C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2020-03-28 18:21 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-03-28 18:21 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-01 17:25 - 2011-08-22 10:15 - 000028672 _____ () [File not signed] C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard software\CDCTR.DLL
2020-12-09 18:19 - 2021-04-23 16:32 - 003118592 _____ () [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\av.dll
2020-03-24 17:14 - 2020-10-23 17:26 - 100699136 _____ () [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\libcef.dll
2020-03-24 17:14 - 2020-10-23 09:56 - 000310784 _____ () [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\libegl.dll
2020-03-24 17:14 - 2020-10-23 09:56 - 006972416 _____ () [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\libglesv2.dll
2020-03-24 17:14 - 2020-03-10 15:51 - 001693184 _____ () [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\tag.dll
2020-03-24 17:14 - 2021-04-23 16:32 - 020022784 _____ (Amazon Services LLC) [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\dmengine.dll
2010-03-08 00:27 - 2010-03-08 00:27 - 000578048 _____ (AOL Inc.) [File not signed] C:\Program Files (x86)\Common Files\AOL\1418490716\ee\AOLSvcMgr.dll
2010-01-05 23:19 - 2010-01-05 23:19 - 000176640 _____ (AOL Inc.) [File not signed] C:\Program Files (x86)\Common Files\AOL\AOLDiag\tbdiag.dll
2008-11-04 11:46 - 2008-11-04 11:46 - 000835584 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1418490716\ee\coolcore54.dll
2010-05-02 20:23 - 2010-05-02 20:23 - 000155648 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\aolsystrayservice\ver4_1_2_1\AOLSysTrayService.dll
2008-10-17 09:48 - 2008-10-17 09:48 - 000104448 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\connection\ver7_1_2_1\connection.dll
2008-10-03 11:28 - 2008-10-03 11:28 - 000317440 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\localStorage\ver8_1_1_1\clsSvc.dll
2008-10-03 13:29 - 2008-10-03 13:29 - 000256000 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\metrics\ver4_1_11_1\cmls.dll
2008-10-03 12:49 - 2008-10-03 12:49 - 000130560 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\notification\ver7_1_1_1\Notify.dll
2006-09-21 08:18 - 2006-09-21 08:18 - 000005632 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\os\ver5_2_1_1\AOLIdleMon.dll
2006-09-21 08:19 - 2006-09-21 08:19 - 000180736 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\os\ver5_2_1_1\OS.dll
2008-10-03 14:13 - 2008-10-03 14:13 - 000163840 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\osInfo\ver2_1_1_1\OSInfo.dll
2008-10-03 13:16 - 2008-10-03 13:16 - 000094720 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\preferences\ver6_1_1_1\preferences.dll
2007-09-07 08:46 - 2007-09-07 08:46 - 000281600 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1418490716\ee\services\suiteFramework\ver5_1_4_1\suiteFramework.dll
2007-03-19 19:48 - 2007-03-19 19:48 - 000249856 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1418490716\ee\xprt5.dll
2009-12-11 10:17 - 2009-12-11 10:17 - 000248832 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1418490716\ee\xprt6.dll
2014-12-11 19:45 - 2010-09-09 15:36 - 000319488 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2014-12-11 18:01 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2020-03-24 17:14 - 2020-04-02 09:15 - 002266624 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\QtCore4.dll
2020-03-24 17:14 - 2020-04-02 09:25 - 006267392 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\QtGui4.dll
2020-03-24 17:14 - 2020-04-02 09:16 - 000802816 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\QtNetwork4.dll
2020-03-24 17:14 - 2021-04-23 16:32 - 007793664 _____ (Google LLC) [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\widevine_cdm_secured_win.dll
2021-07-24 11:26 - 2021-07-24 11:26 - 103578624 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6\HP.Smart.dll
2021-04-02 20:03 - 2021-04-02 20:03 - 007068672 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2018-03-20 13:25 - 2018-03-20 13:25 - 000099840 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2020-03-24 17:14 - 2020-10-23 10:14 - 000822272 _____ (The Chromium Authors) [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\chrome_elf.dll
2020-03-24 17:14 - 2021-07-21 13:14 - 000111772 _____ (Un4seen Developments) [File not signed] C:\Users\Ed\AppData\Local\Amazon Music\bass.dll
2020-03-28 18:21 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Ed\Desktop\Bank Statement.jpeg:3or4kl4x13tuuug3Byamue2s4b [109]
AlternateDataStreams: C:\Users\Ed\Desktop\Bank Statement.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ed\Desktop\Insurance Declaration page.jpeg:3or4kl4x13tuuug3Byamue2s4b [109]
AlternateDataStreams: C:\Users\Ed\Desktop\Insurance Declaration page.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ed\Desktop\Pension Period.jpeg:3or4kl4x13tuuug3Byamue2s4b [109]
AlternateDataStreams: C:\Users\Ed\Desktop\Pension Period.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-218343863-661377091-144714471-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/en-us/?pc=avmsp&ocid=PerDHP
SearchScopes: HKU\S-1-5-21-218343863-661377091-144714471-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-218343863-661377091-144714471-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-07-22] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-07-22] (Webroot Inc. -> Webroot)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-218343863-661377091-144714471-1001\...\dell.com -> dell.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-218343863-661377091-144714471-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\StartupApproved\Run: => "Power2GoExpress8"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2731CF77-5A5B-47E8-9FDA-78E0CC950D5F}] => (Allow) C:\Users\Ed\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1AEC0885-FA3F-41C2-80E5-A88546AF3D4F}] => (Allow) C:\Users\Ed\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{35F711C3-410A-4B50-95C4-6F2BB2DAF998}] => (Allow) C:\Users\Ed\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7C54C7A1-9F9F-48E3-894C-7F374C97EB9F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2287DCB9-92FA-4B08-A000-37B633104584}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A59890ED-C199-4D83-9F29-0C0AE581E162}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BD100CD3-81E9-4921-8455-F3D04549D62D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D1B4BA8-B17A-41D3-AB21-5EDE8BE6E875}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D7765F7C-0A6D-42C4-97E8-B5C7203E5B3A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{AD679B34-5BA9-4ECE-B055-B65CBA0B4335}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{7F1089A1-CF67-4F22-90DC-F0C5DEE48350}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{030F2882-12B4-44AF-9BAF-3911F2FD13BE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{13CDC502-B7AB-4EB5-AC59-9E3A4C0AF1FA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{7F1412D9-BAA9-49DB-B1BB-AF51302BEDE3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

09-08-2021 14:46:40 Scheduled Checkpoint
11-08-2021 10:56:20 Windows Modules Installer
11-08-2021 10:59:38 Windows Modules Installer
11-08-2021 11:02:23 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/11/2021 01:09:55 PM) (Source: SecurityCenter) (EventID: 19) (User: )
Description: The Windows Security Center Service was unable to load instances of AntiVirusProduct from datastore.

Error: (08/11/2021 12:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.19041.610, time stamp: 0x5d4af3f4
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0xc000027b
Fault offset: 0x000000000010bd3e
Faulting process id: 0x2760
Faulting application start time: 0x01d7877d4251a904
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 937c1f74-41a1-4e86-be1b-725797f612a7
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (08/10/2021 12:35:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (08/06/2021 09:18:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 5.721.6282.0, time stamp: 0x60da0a09
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0xc0000409
Fault offset: 0x000000000010bd3e
Faulting process id: 0x38ac
Faulting application start time: 0x01d78ade796510ab
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e8323cfe-8b93-4bd5-9890-3e7fcce02ecf
Faulting package full name: Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/05/2021 12:32:24 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (08/03/2021 12:41:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (08/03/2021 11:52:30 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (08/02/2021 02:31:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GameBar.exe version 5.721.6282.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6c

Start Time: 01d78780ce114d54

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe

Report Id: a9904776-7547-48ff-ac06-ce172242519c

Faulting package full name: Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce


System errors:
=============
Error: (08/11/2021 01:19:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (08/11/2021 01:17:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Dell Data Vault Processor service hung on starting.

Error: (08/11/2021 01:15:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.

Error: (08/11/2021 01:05:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The WRSVC service did not shut down properly after receiving a preshutdown control.

Error: (08/11/2021 01:05:43 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVG Antivirus service did not shut down properly after receiving a preshutdown control.

Error: (08/03/2021 12:33:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/03/2021 12:33:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/02/2021 02:04:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Hardware Support service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===============
Date: 2021-08-11 13:22:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Windows\SysWOW64\WRDll.x86.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A05 01/03/2014
Motherboard: Dell Inc. 08NG84
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 63%
Total physical RAM: 8109.69 MB
Available physical RAM: 2997.78 MB
Total Virtual: 9389.69 MB
Available Virtual: 3016.94 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.17 GB) (Free:510.49 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive x: () (Fixed) (Total:0.86 GB) (Free:0.4 GB) NTFS

\\?\Volume{b8022f8d-dfab-4fca-b070-f2dbec73584a}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.4 GB) NTFS
\\?\Volume{50b2f92b-5947-4a2f-b652-39437a41d01c}\ (PBR Image) (Fixed) (Total:10.1 GB) (Free:0.68 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EA87E4A6)

Partition: GPT.

==================== End of Addition.txt =======================
  #7  
Old August 12th, 2021, 07:28 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,155
No malware to be seen. Try temporarily disabling AVG, and then Webroot. See if some recent update to them is causing problems.