[RESOLVED] Dell Inspiron 17 running slow

  1. #1

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-04-2021
    Ran by Kevin (administrator) on MAC (Dell Inc. Inspiron 17 7000 Series 7746) (14-04-2021 21:24:31)
    Running from C:\Users\Kevin\Desktop
    Loaded Profiles: Kevin
    Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Autodesk, Inc. -> ) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Dassault Systèmes) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
    (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
    (Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\VSSX64.exe
    (Dell Inc.) [File not signed] C:\Program Files\Dell\QuickSet\quickset.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Entertainment Experience LLC -> ) C:\Program Files\TrueColor\TrueColorALS.exe
    (Entertainment Experience LLC -> Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
    (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
    (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.3093.0_x64__8wekyb3d8bbwe\GameBar.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.3093.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <11>
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe <3>
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe
    (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Provo Craft & Novelty, Inc. -> Cricut, Inc.) C:\Users\Kevin\AppData\Roaming\Cricut Design Space\Web\taskbar-application-win32\Release\CricutTaskbarApplication.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
    (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
    (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
    (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
    (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    (Zoom Information Inc. -> ) C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\coordinator.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel® Rapid Storage Technology -> Intel Corporation)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3859968 2014-10-07] (Dell Inc.) [File not signed]
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [2799784 2014-09-17] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
    HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19491792 2014-12-25] (Entertainment Experience LLC -> Entertainment Experience)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc. -> Apple Inc.)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [605952 2014-07-30] (Waves Inc -> Waves Audio Ltd.)
    HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare software CO., LIMITED -> Wondershare)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Run: [ZoomInfo Contact Contributor] => C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\launch.bat [108 2020-08-04] () [File not signed]
    HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [90951544 2020-09-08] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-03-09] (Support.com Inc -> SUPERAntiSpyware)
    HKLM\...\Print\Monitors\EPSON WF-2650 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBMBE.DLL [179712 2013-12-06] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
    HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [493568 2014-03-18] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-02] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cricut Taskbar Application.lnk [2019-04-20]
    ShortcutTarget: Cricut Taskbar Application.lnk -> C:\Users\Kevin\AppData\Roaming\Cricut Design Space\Web\taskbar-application-win32\Release\CricutTaskbarApplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
    Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cricut Taskbar Application.lnk [2020-01-19]
    ShortcutTarget: Cricut Taskbar Application.lnk -> C:\Users\Kevin\AppData\Roaming\Cricut Design Space\Web\taskbar-application-win32\Release\CricutTaskbarApplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02B0A2AD-0972-48F7-B1D4-928FC214D0E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {06636855-088E-4EEC-8FDD-53DD6A2292FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {076B2C47-D697-427A-8ACF-6210770BF738} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
    Task: {07F11A6B-C394-4C83-8DB4-FC157D807B52} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
    Task: {0FBFDA9F-BF15-43BB-8DB7-83E1CD356E85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-18] (Google Inc -> Google Inc.)
    Task: {13924255-5760-40F9-9A5A-E7B6F89940A7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {154397B0-9E05-40FE-9C62-4FE214B53054} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {161A1EE0-1C9B-4381-9BC6-9609A3CE9B1C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
    Task: {19DA0505-3428-4A35-96E8-83E44288C770} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-18] (Google Inc -> Google Inc.)
    Task: {1E2C9A91-8CD4-40AB-AA5D-E5711BAD4FB9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {1E844678-5E4F-4B41-BD6B-6ACD96272D33} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {231977FB-009F-4435-B6CB-12EBF6470F1E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {2A216410-363F-4EDF-A2A9-8E9D05444620} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {358A93C4-976E-465A-BB3B-7F638C8CCEAB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {35BF08C4-2CC6-4A27-82FB-26F475D74501} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {425E04B3-2738-4010-B96D-163B098EAF56} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
    Task: {4FC1F1D0-1BA5-45EE-9160-0D69E1FFFAE5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {51132DE9-0467-4826-8444-FBD9DF001CE0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {585FA7B3-65F7-4A8F-8EFD-337D74921ED8} - System32\Tasks\G2MUpdateTask-S-1-5-21-3840463180-259134987-2718017145-1001 => C:\Users\Kevin\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {5A5EFFBB-D0E7-453E-9025-DD9FCA23D8B4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {5E6EACA6-005E-407C-8728-F6A069C50503} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {6039EC3A-3DD8-49C2-9E66-900B8579A486} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {61FE512B-D3A2-43EB-9870-8CF8DA62224A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
    Task: {629BB22C-D7D0-43B6-8167-2D425AB83318} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {89BFFEC1-FA8B-4BD6-AE7C-F44C4A238C7A} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [32448 2018-12-04] (Rivet Networks LLC -> DELL)
    Task: {96D00D1B-DA0F-4834-B64A-102FAAB01F5E} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
    Task: {A2824CA7-A5E7-4855-B314-E4410D03DB52} - \WPD\SqmUpload_S-1-5-21-3840463180-259134987-2718017145-1001 -> No File <==== ATTENTION
    Task: {A321898C-45BB-4F43-8DBD-0EA360F1BC54} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
    Task: {A329E17C-07A7-474F-BCFB-D970BA57A276} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
    Task: {AB2497F9-9931-4214-98E0-8DBC70FE0A2C} - System32\Tasks\G2MUploadTask-S-1-5-21-3840463180-259134987-2718017145-1001 => C:\Users\Kevin\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {ABF648AC-E34C-4DBD-9DDD-4B2830337DE6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2021-01-09] (Dell Inc -> Dell Inc.)
    Task: {AFA8A7A3-12CA-489F-B22F-E3B07E8FB137} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {B8798CE3-0559-46B6-A410-7089683C4889} - System32\Tasks\SUPERAntiSpyware Scheduled Task c7678fdf-6c0a-4904-a452-d3e0591d7f08 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:c7678fdf-6c0a-4904-a452-d3e0591d7f08
    Task: {BF02F1ED-D196-4BFA-A8F9-5AB641A63471} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {C277A910-C35A-4DCA-9AF8-A82A3615441B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {C313DF04-EC4C-421C-A0BD-753CE89998CC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {C3343159-9DDB-43F7-97A1-B84399599042} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
    Task: {C36EF305-15A6-4DC2-A51C-D458BBA69B44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {C456F1EA-4C6F-482D-933D-A4748021701C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {D854E967-9B48-4010-BDFA-0EEF4B7C5BB4} - System32\Tasks\EPSON WF-2650 Series Update {8B305BCB-CE73-48EE-834D-3FFFF4261B0B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    Task: {EE76F59F-3828-44AB-B65E-1C65AB694640} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114008 2021-04-06] (Microsoft Corporation -> Microsoft Corporation)
    Task: {EEBAD564-DD6E-441D-816F-04695485E731} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1120136 2021-04-06] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F194A955-236A-418B-9C1C-AE9C0B2473E7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
    Task: {F3F92DF4-4025-4098-AE1A-EC1F4840BF3F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {F40B4B6C-514F-49A6-97EE-3C2DB2F15665} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7d8c551d-a8d8-4c08-8c28-c79634f187a2 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:7d8c551d-a8d8-4c08-8c28-c79634f187a2
    Task: {F666CDF6-88B2-4B83-9F01-0CB7C9348154} - System32\Tasks\EPSON WF-2650 Series Update {4F616683-5A0C-4EB3-B6CE-41B7A160F1DC} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    Task: {F750B35F-EFCA-420D-8678-DC99BCBAAA58} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114008 2021-04-06] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F95CBABA-3CF1-481D-B574-88FA556E587C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FAEE8D0A-6CB9-48CB-94F6-B525763EA92C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-25] (Mozilla Corporation -> Mozilla Foundation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {4F616683-5A0C-4EB3-B6CE-41B7A160F1DC}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE:/EXE:{4F616683-5A0C-4EB3-B6CE-41B7A160F1DC} /F:UpdateWORKGROUP\MAC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {8B305BCB-CE73-48EE-834D-3FFFF4261B0B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE:/EXE:{8B305BCB-CE73-48EE-834D-3FFFF4261B0B} /F:UpdateWORKGROUP\MAC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3840463180-259134987-2718017145-1001.job => C:\Users\Kevin\AppData\Local\GoToMeeting\19598\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3840463180-259134987-2718017145-1001.job => C:\Users\Kevin\AppData\Local\GoToMeeting\19598\g2mupload.exe
    Task: C:\WINDOWS\Tasks\RunDFS.job => cmd /c sc start Dell Foundation ServicesWORKGROUP MAC
    Task: C:\WINDOWS\Tasks\RunDLC.job => cmd /c sc start My Dell Learning CenterWORKGROUP MAC /
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 7d8c551d-a8d8-4c08-8c28-c79634f187a2.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c7678fdf-6c0a-4904-a452-d3e0591d7f08.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{9b9ae6a9-73ad-4203-920f-f5fd08b78c76}: [DhcpNameServer] 209.18.47.62 209.18.47.61 209.18.47.63
    Tcpip\..\Interfaces\{e3ae2b90-0690-4440-a72a-9cfe47a74652}: [DhcpNameServer] 209.18.47.62 209.18.47.61

    Edge:
    =======
    Edge HomeButtonPage: HKU\S-1-5-21-3840463180-259134987-2718017145-1001 -> hxxp://www.yahoo.com/
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Kevin\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-14]
    Edge Notifications: Default -> hxxps://www.tradingview.com
    Edge HomePage: Default -> hxxp://www.yahoo.com/

    FireFox:
    ========
    FF DefaultProfile: bostehxn.default
    FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\bostehxn.default [2021-04-14]
    FF Homepage: Mozilla\Firefox\Profiles\bostehxn.default -> www.yahoo.com
    FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\bostehxn.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-04-13]
    FF Extension: (Avast Online Security) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\bostehxn.default\Extensions\wrc@avast.com.xpi [2021-02-17]
    FF SearchPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\bostehxn.default\searchplugins\search-provided-by-bing.xml [2015-12-13]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] (Apple Inc. -> )
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-07-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-07-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
    FF Plugin HKU\S-1-5-21-3840463180-259134987-2718017145-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Kevin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-04] (Citrix Online -> Citrix Online)
    FF Plugin HKU\S-1-5-21-3840463180-259134987-2718017145-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2021-04-05] (TD Ameritrade -> TD Ameritrade)
    FF Plugin HKU\S-1-5-21-3840463180-259134987-2718017145-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2021-04-05] (TD Ameritrade -> TD Ameritrade)

    Chrome:
    =======
    CHR DefaultProfile: Profile 2
    CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default [2017-01-06]
    CHR StartupUrls: Default -> "hxxp://www.drudgereport.com/","hxxps://weather.com/weather/radar/interactive/l/45323:4:US","hxxp://www.facebook.com/","hxxps://www.google.com/#q=speed+test","hxxp://www.youtube.com/","hxxp://www.twitter.com/","hxxp://www.foxnews.com/"
    CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-03-23]
    CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-06]
    CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-04-14]
    CHR Notifications: Profile 2 -> hxxps://mail.google.com; hxxps://twitter.com; hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.tradingview.com; hxxps://www.youtube.com
    CHR StartupUrls: Profile 2 -> "hxxps://twitter.com/login?redirect_after_login=%2Fhome","hxxps://www.forexfactory.com/calendar.php?week","hxxps://www.youtube.com/","hxxps://www.cftc.gov/MarketReports/CommitmentsofTraders/index.htm","hxxps://www.reuters.tv/","hxxps://finance.yahoo.com/","hxxps://finviz.com/","hxxps://fred.stlouisfed.org/series/DBAA#","hxxps://www.otcmarkets.com/research/stock-screener"
    CHR Extension: (Slides) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
    CHR Extension: (Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
    CHR Extension: (Ledger Manager) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2020-07-24]
    CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-03]
    CHR Extension: (Sheets) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-21]
    CHR Extension: (Grammarly for Chrome) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-04-14]
    CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2020-07-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
    CHR Extension: (Data Scraper - Easy Web Scraping) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2021-03-06]
    CHR Extension: (Gmail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
    CHR Extension: (Chrome Media Router) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-17]
    CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-23]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
    S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc. -> Apple Inc.)
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] (Autodesk, Inc. -> )
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-29] (Microsoft Corporation -> Microsoft Corporation)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2021-01-16] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
    S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc -> Dell Inc.)
    S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
    S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.)
    R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [125440 2016-03-17] (Dassault Systèmes) [File not signed]
    R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-18] (Malwarebytes Inc -> Malwarebytes)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink Corp. -> CyberLink)
    R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (Dell Inc. -> SoftThinks SAS)
    R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.)
    R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [94160 2014-12-25] (Entertainment Experience LLC -> )
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
    S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
    R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-11] (Malwarebytes Inc -> Malwarebytes)
    R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-11] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-11] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-11] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-11] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-04-11] (Malwarebytes Inc -> Malwarebytes)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-04-14 20:57 - 2021-04-14 21:24 - 000081616 _____ C:\Users\Kevin\Desktop\Addition.txt
    2021-04-14 20:16 - 2021-04-14 21:27 - 000040052 _____ C:\Users\Kevin\Desktop\FRST.txt
    2021-04-14 20:11 - 2021-04-14 20:11 - 002298368 _____ (Farbar) C:\Users\Kevin\Desktop\FRST64.exe
    2021-04-14 20:03 - 2021-04-14 20:04 - 000000000 ____D C:\WINDOWS\LastGood
    2021-04-14 05:41 - 2021-04-14 19:55 - 000000000 ____D C:\Users\Kevin\AppData\Roaming\Ledger Live
    2021-04-14 05:41 - 2021-04-14 05:41 - 000001902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Live.lnk
    2021-04-14 05:41 - 2021-04-14 05:41 - 000001890 _____ C:\Users\Public\Desktop\Ledger Live.lnk
    2021-04-14 05:41 - 2021-04-14 05:41 - 000001890 _____ C:\ProgramData\Desktop\Ledger Live.lnk
    2021-04-14 05:41 - 2021-04-14 05:41 - 000000000 ____D C:\Users\Kevin\AppData\Local\ledger-live-desktop-updater
    2021-04-14 05:41 - 2021-04-14 05:41 - 000000000 ____D C:\Program Files\Ledger Live
    2021-04-14 05:40 - 2021-04-14 05:40 - 108584160 _____ (Ledger Live Team) C:\Users\Kevin\Downloads\ledger-live-desktop-2.25.1-win.exe
    2021-04-13 21:09 - 2021-04-13 21:09 - 000000000 ____D C:\Users\Kevin\AppData\Local\exodus
    2021-04-13 21:08 - 2021-04-13 21:08 - 113658680 _____ (Exodus Movement Inc) C:\Users\Kevin\Downloads\exodus-windows-x64-21.4.12.exe
    2021-04-11 18:21 - 2021-04-11 18:21 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2021-04-11 18:20 - 2021-04-11 18:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2021-04-11 18:20 - 2021-04-11 18:20 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2021-04-11 18:20 - 2021-04-11 18:20 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2021-04-11 18:20 - 2021-04-11 18:20 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2021-04-07 18:39 - 2021-04-07 18:39 - 002543174 _____ C:\Users\Kevin\Downloads\My Career Story Workbook.pdf
    2021-03-26 20:08 - 2021-03-26 20:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2021-03-25 19:35 - 2021-03-26 23:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-04-14 21:27 - 2016-06-19 09:09 - 000000000 ____D C:\FRST
    2021-04-14 21:25 - 2015-09-09 18:18 - 000000000 ____D C:\Users\Kevin\Documents\Outlook Files
    2021-04-14 21:24 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-04-14 21:16 - 2015-06-17 18:25 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
    2021-04-14 21:12 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-04-14 21:11 - 2020-06-16 22:44 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-04-14 21:11 - 2020-06-16 22:44 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2021-04-14 21:11 - 2020-06-16 22:44 - 000002261 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2021-04-14 21:11 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-04-14 20:34 - 2015-06-25 05:44 - 000000000 ____D C:\Program Files\CCleaner
    2021-04-14 20:32 - 2020-08-28 00:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-04-14 20:19 - 2015-06-23 18:57 - 000000000 ____D C:\ProgramData\softthinks
    2021-04-14 20:09 - 2020-08-28 00:27 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-04-14 20:09 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
    2021-04-14 20:07 - 2017-01-14 22:17 - 000000000 ____D C:\Users\Kevin\AppData\LocalLow\Mozilla
    2021-04-14 20:07 - 2015-06-27 19:23 - 000000000 ____D C:\ProgramData\Mozilla
    2021-04-14 20:04 - 2017-05-31 23:40 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2021-04-14 20:04 - 2015-06-23 18:50 - 000000000 __SHD C:\Users\Kevin\IntelGraphicsProfiles
    2021-04-14 20:01 - 2020-08-28 01:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-04-14 20:01 - 2015-11-04 20:02 - 000000642 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3840463180-259134987-2718017145-1001.job
    2021-04-14 20:01 - 2015-11-04 20:02 - 000000546 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3840463180-259134987-2718017145-1001.job
    2021-04-14 20:00 - 2020-08-07 19:25 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-04-14 19:42 - 2020-08-28 01:12 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{887EED0E-162F-4F02-BDE0-20B26C8A305F}
    2021-04-14 19:40 - 2017-12-31 16:15 - 000000000 ____D C:\Users\Kevin\AppData\Roaming\Exodus
    2021-04-14 19:34 - 2020-08-28 01:12 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2021-04-13 21:09 - 2018-01-01 13:18 - 000002260 _____ C:\Users\Kevin\Desktop\Exodus.lnk
    2021-04-13 21:09 - 2017-12-31 16:15 - 000000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
    2021-04-13 21:09 - 2017-12-31 16:15 - 000000000 ____D C:\Users\Kevin\AppData\Local\SquirrelTemp
    2021-04-13 20:56 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-04-13 01:17 - 2020-08-28 01:12 - 000003786 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-3840463180-259134987-2718017145-1001
    2021-04-13 01:17 - 2020-08-28 01:12 - 000003690 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-3840463180-259134987-2718017145-1001
    2021-04-13 01:17 - 2017-07-09 04:41 - 000000000 ____D C:\Users\Kevin\AppData\Local\GoToMeeting
    2021-04-12 20:51 - 2020-08-28 01:12 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-04-12 20:51 - 2020-08-28 01:12 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2021-04-12 05:19 - 2020-08-28 01:12 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3840463180-259134987-2718017145-1001
    2021-04-12 05:18 - 2020-08-28 00:13 - 000002400 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-04-12 05:18 - 2015-06-23 18:53 - 000000000 ___RD C:\Users\Kevin\OneDrive
    2021-04-11 20:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2021-04-11 20:17 - 2015-06-17 18:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2021-04-11 20:02 - 2015-12-11 22:33 - 000000000 ____D C:\Users\Kevin\.thinkorswim
    2021-04-11 18:19 - 2020-12-18 22:35 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2021-04-11 17:13 - 2015-12-11 22:32 - 000000000 ____D C:\Program Files\thinkorswim
    2021-04-11 06:07 - 2018-03-23 13:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-04-08 20:19 - 2017-10-16 22:24 - 000000000 ____D C:\Program Files (x86)\LMFX MetaTrader 4 Terminal
    2021-04-02 04:22 - 2016-06-18 19:17 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-04-02 04:22 - 2016-06-18 19:17 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2021-04-02 04:22 - 2016-06-18 19:17 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2021-03-30 04:44 - 2018-07-07 20:34 - 000000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
    2021-03-26 23:01 - 2020-08-28 01:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
    2021-03-26 23:00 - 2015-06-27 19:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2021-03-26 22:59 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2021-03-26 20:08 - 2015-06-27 19:24 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2021-03-23 20:38 - 2020-08-28 00:13 - 000000000 ____D C:\Users\Kevin

    ==================== Files in the root of some directories ========

    2017-03-29 22:27 - 2017-03-29 22:41 - 000000132 _____ () C:\Users\Kevin\AppData\Roaming\Adobe GIF Format CS5 Prefs
    2018-07-07 17:47 - 2018-07-07 18:56 - 000001137 _____ () C:\Users\Kevin\AppData\Roaming\apps.txt
    2017-03-29 22:45 - 2017-03-30 18:25 - 000001456 _____ () C:\Users\Kevin\AppData\Local\Adobe Save for Web 12.0 Prefs
    2018-01-01 13:28 - 2018-01-01 13:28 - 000000722 _____ () C:\Users\Kevin\AppData\Local\recently-used.xbel
    2021-03-14 15:06 - 2021-03-14 15:06 - 000000017 _____ () C:\Users\Kevin\AppData\Local\resmon.resmoncfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ===================================

    I still need the second log from FRST.

  3. #3
    Join Date
    Apr 2021
    Posts
    24
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2021
    Ran by Kevin (14-04-2021 21:29:09)
    Running from C:\Users\Kevin\Desktop
    Windows 10 Home Version 2004 19041.867 (X64) (2020-08-28 05:13:16)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3840463180-259134987-2718017145-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3840463180-259134987-2718017145-503 - Limited - Disabled)
    Guest (S-1-5-21-3840463180-259134987-2718017145-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3840463180-259134987-2718017145-1003 - Limited - Enabled)
    Kevin (S-1-5-21-3840463180-259134987-2718017145-1001 - Administrator - Enabled) => C:\Users\Kevin
    WDAGUtilityAccount (S-1-5-21-3840463180-259134987-2718017145-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
    Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    AutoCAD 2012 - English (HKLM\...\{5783F2D7-A001-0409-0102-0060B0CE6BBA}) (Version: 18.2.51.0 - Autodesk) Hidden
    AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
    Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
    Autodesk Inventor Fusion 2012 (HKLM\...\{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
    Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
    Autodesk Inventor Fusion 2012 Language Pack (HKLM\...\{FFF7F80F-929E-497F-A112-B070DE816128}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
    Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}) (Version: 0.0.1.138 - Autodesk) Hidden
    Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
    Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (HKLM\...\{E552C39C-C70E-464F-9733-8311331BDD90}) (Version: 0.0.1.138 - Autodesk) Hidden
    Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
    Cricut Design Space (HKLM-x32\...\Cricut Design Space 0.5102.110) (Version: 4.0.97 - Cricut, Inc.)
    Cricut Design Space (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\{113DD42F-AE80-489B-8F15-FB8499306C48}) (Version: 5.3.25 - Cricut, Inc.)
    Cricut Design Space (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Cricut Design Space 4.6.4) (Version: 4.6.4 - Cricut, Inc.)
    Cricut Design Space Client (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Cricut Design Space Client) (Version: 5.5.0.7 - Provo Craft)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.16 - NCH Software)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
    Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
    Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
    Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
    Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
    Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
    DraftSight 2016 SP1 x64 (HKLM\...\{2FB54525-FF66-4482-84B9-7B8AB671686D}) (Version: 16.1.4089 - Dassault Systemes)
    Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
    Email Extractor (HKLM-x32\...\{823E4DD2-B84C-40A1-B7BE-CB56DE583456}) (Version: 6.6.1.1 - Pro Software) Hidden
    Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
    Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.56.00 - Seiko Epson Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
    Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)
    EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-2650 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2650 User’s Guide_is1) (Version: 1.0 - )
    EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
    Exodus (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\exodus) (Version: 21.4.12 - Exodus Movement Inc)
    FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
    FOREX.com US (HKLM-x32\...\FOREX.com US) (Version: 4.00 - MetaQuotes Software Corp.)
    FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
    GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
    IG MetaTrader 4 Terminal (HKLM-x32\...\IG MetaTrader 4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{e3d22965-5c2d-48c8-acec-c2ba2d50b275}) (Version: 10.0.22 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.24 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{915DDCDE-7767-4B4A-9256-8729B265BDAC}) (Version: 17.1.1440.02 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
    iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
    Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Ledger Live 2.25.1 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.25.1 - Ledger Live Team)
    Ledger Wallet Ripple version 1.0.3 (HKLM-x32\...\{2A226916-F20B-403D-B564-F2CF5CF8CEF8}_is1) (Version: 1.0.3 - Ledger)
    LMFX MetaTrader 4 Terminal (HKLM-x32\...\LMFX MetaTrader 4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
    Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.4616.61 - Waves Audio Ltd.) Hidden
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
    Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.76 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.76 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movavi Screen Capture Studio 9 (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Movavi Screen Capture Studio 9) (Version: 9.5.0 - Movavi)
    Mozilla Firefox 87.0 (x64 en-US) (HKLM\...\Mozilla Firefox 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 87.0.0.7747 - Mozilla)
    MT4 Berndale Capital (HKLM-x32\...\MT4 Berndale Capital) (Version: 4.00 - MetaQuotes Software Corp.)
    NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
    QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.26 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21261 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    Skype version 8.64 (HKLM-x32\...\Skype_is1) (Version: 8.64 - Skype Technologies S.A.)
    SmartByte Drivers and Services (HKLM\...\{01F01829-4C5A-41B0-8198-0BDD02B34C47}) (Version: 2.0.643 - Rivet Networks)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1040 - SUPERAntiSpyware.com)
    Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
    Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.19260 - Microsoft Corporation)
    thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
    True Color (HKLM\...\{33D499E3-73E8-44D5-8D1F-FEA39535E9F2}) (Version: 6.0.0.6 - Entertainment Experience LLC) Hidden
    True Color (HKLM-x32\...\{55c734b2-fcff-447e-81cc-a6f04ebf09fc}) (Version: 6.0.0.6 - Entertainment Experience)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.01 - NCH Software)
    Visual Trader Studio Connect (HKLM-x32\...\{10ABA22F-E130-46F0-900C-2CE5852462D2}) (Version: 4.00.0080 - iExpertAdvisor)
    Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports (08/01/2016 1.3.0.0) (HKLM\...\17736CDD02DF8CFDD0CC1097668A82C013C969F3) (Version: 08/01/2016 1.3.0.0 - Provo Craft & Novelty, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
    Wondershare DVD Slideshow Builder Deluxe(Build 6.5.1.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.5.1.0 - Wondershare Software Co.,Ltd.)
    ZoomInfo Contact Contributor (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\ZoomInfo Contact Contributor) (Version: 59 - )

    Packages:
    =========
    Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)
    Calculator+ HD -> C:\Program Files\WindowsApps\3718.12514FB00DC68_5.2.11.0_x64__8aydmnc5fg7fe [2019-12-08] (陈仁松) [MS Ad]
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2000.2.0_x86__kgqvnymyfvs32 [2021-04-14] (king.com)
    Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-28] (Dell Inc)
    Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-01-16] (Dell Inc)
    Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220 [2021-03-20] (Dolby Laboratories)
    Easy Movie Maker -> C:\Program Files\WindowsApps\34697joal.EasyMovieMaker_2.5.21.0_x64__7xtp3aa6dt786 [2021-03-21] (joal)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-24] (AMZN Mobile LLC)
    McAfee® Central for Dell -> C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_5.0.167.1_x64__n49tcsmxt2t2c [2018-03-26] (McAfee Inc)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
    Movie Maker : Free Video Editor -> C:\Program Files\WindowsApps\39691Videopix.MovieMakerFreeVideoEditor_1.1.81.0_x64__dxz7h1qnd1pge [2021-04-14] (Videopix)
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-03] (Microsoft Corporation)
    MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    NCAA® March Madness® Live -> C:\Program Files\WindowsApps\NCAADigital.NCAAMarchMadnessLive_6.0.54.0_x64__kw215ntkhpaf6 [2019-03-18] (Turner Sports Interactive Inc)
    NFL Fantasy Football -> C:\Program Files\WindowsApps\NFLEnterprisesLLC.NFLFantasyFootball_17.9.28.0_neutral__fdrtsdpy8475t [2017-11-18] (NFL Enterprises LLC)
    Perfect365 -> C:\Program Files\WindowsApps\A6B6C710.Perfect365_2.0.0.15_x86__yf4gd00d4hswa [2016-01-24] (ArcSoft, Inc.)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task]
    Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_2.7.0.0_x64__t4vj0pshhgkwm [2021-03-21] (Telegram Messenger LLP)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files (x86)\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2011-01-14] (Autodesk, Inc -> Autodesk) [File not signed]
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-18] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-18] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Kevin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
    ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=beimhnaefocolcplfimocfiaiefpkgbf
    ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
    ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
    ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"

  4. #4
    Join Date
    Apr 2021
    Posts
    24
    I tried posting the Additional Scan and it was too big. I then cut half of it and submitted the first half of the additional scan. Once I hear back from you I'll post the rest.

  5. #5
    Join Date
    Apr 2021
    Posts
    24
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2021
    Ran by Kevin (14-04-2021 21:29:09)
    Running from C:\Users\Kevin\Desktop
    Windows 10 Home Version 2004 19041.867 (X64) (2020-08-28 05:13:16)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3840463180-259134987-2718017145-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3840463180-259134987-2718017145-503 - Limited - Disabled)
    Guest (S-1-5-21-3840463180-259134987-2718017145-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3840463180-259134987-2718017145-1003 - Limited - Enabled)
    Kevin (S-1-5-21-3840463180-259134987-2718017145-1001 - Administrator - Enabled) => C:\Users\Kevin
    WDAGUtilityAccount (S-1-5-21-3840463180-259134987-2718017145-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
    Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    AutoCAD 2012 - English (HKLM\...\{5783F2D7-A001-0409-0102-0060B0CE6BBA}) (Version: 18.2.51.0 - Autodesk) Hidden
    AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
    Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
    Autodesk Inventor Fusion 2012 (HKLM\...\{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
    Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
    Autodesk Inventor Fusion 2012 Language Pack (HKLM\...\{FFF7F80F-929E-497F-A112-B070DE816128}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
    Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}) (Version: 0.0.1.138 - Autodesk) Hidden
    Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
    Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (HKLM\...\{E552C39C-C70E-464F-9733-8311331BDD90}) (Version: 0.0.1.138 - Autodesk) Hidden
    Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
    Cricut Design Space (HKLM-x32\...\Cricut Design Space 0.5102.110) (Version: 4.0.97 - Cricut, Inc.)
    Cricut Design Space (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\{113DD42F-AE80-489B-8F15-FB8499306C48}) (Version: 5.3.25 - Cricut, Inc.)
    Cricut Design Space (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Cricut Design Space 4.6.4) (Version: 4.6.4 - Cricut, Inc.)
    Cricut Design Space Client (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Cricut Design Space Client) (Version: 5.5.0.7 - Provo Craft)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.16 - NCH Software)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
    Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
    Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
    Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
    Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
    Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
    DraftSight 2016 SP1 x64 (HKLM\...\{2FB54525-FF66-4482-84B9-7B8AB671686D}) (Version: 16.1.4089 - Dassault Systemes)
    Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
    Email Extractor (HKLM-x32\...\{823E4DD2-B84C-40A1-B7BE-CB56DE583456}) (Version: 6.6.1.1 - Pro Software) Hidden
    Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
    Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.56.00 - Seiko Epson Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
    Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)
    EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-2650 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2650 User’s Guide_is1) (Version: 1.0 - )
    EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
    Exodus (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\exodus) (Version: 21.4.12 - Exodus Movement Inc)
    FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
    FOREX.com US (HKLM-x32\...\FOREX.com US) (Version: 4.00 - MetaQuotes Software Corp.)
    FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
    GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
    IG MetaTrader 4 Terminal (HKLM-x32\...\IG MetaTrader 4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{e3d22965-5c2d-48c8-acec-c2ba2d50b275}) (Version: 10.0.22 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.24 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{915DDCDE-7767-4B4A-9256-8729B265BDAC}) (Version: 17.1.1440.02 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
    iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
    Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Ledger Live 2.25.1 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.25.1 - Ledger Live Team)
    Ledger Wallet Ripple version 1.0.3 (HKLM-x32\...\{2A226916-F20B-403D-B564-F2CF5CF8CEF8}_is1) (Version: 1.0.3 - Ledger)
    LMFX MetaTrader 4 Terminal (HKLM-x32\...\LMFX MetaTrader 4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
    Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.4616.61 - Waves Audio Ltd.) Hidden
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
    Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.76 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.76 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movavi Screen Capture Studio 9 (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\Movavi Screen Capture Studio 9) (Version: 9.5.0 - Movavi)
    Mozilla Firefox 87.0 (x64 en-US) (HKLM\...\Mozilla Firefox 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 87.0.0.7747 - Mozilla)
    MT4 Berndale Capital (HKLM-x32\...\MT4 Berndale Capital) (Version: 4.00 - MetaQuotes Software Corp.)
    NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
    QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.26 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21261 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    Skype version 8.64 (HKLM-x32\...\Skype_is1) (Version: 8.64 - Skype Technologies S.A.)
    SmartByte Drivers and Services (HKLM\...\{01F01829-4C5A-41B0-8198-0BDD02B34C47}) (Version: 2.0.643 - Rivet Networks)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1040 - SUPERAntiSpyware.com)
    Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
    Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.19260 - Microsoft Corporation)
    thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
    True Color (HKLM\...\{33D499E3-73E8-44D5-8D1F-FEA39535E9F2}) (Version: 6.0.0.6 - Entertainment Experience LLC) Hidden
    True Color (HKLM-x32\...\{55c734b2-fcff-447e-81cc-a6f04ebf09fc}) (Version: 6.0.0.6 - Entertainment Experience)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.01 - NCH Software)
    Visual Trader Studio Connect (HKLM-x32\...\{10ABA22F-E130-46F0-900C-2CE5852462D2}) (Version: 4.00.0080 - iExpertAdvisor)
    Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports (08/01/2016 1.3.0.0) (HKLM\...\17736CDD02DF8CFDD0CC1097668A82C013C969F3) (Version: 08/01/2016 1.3.0.0 - Provo Craft & Novelty, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
    Wondershare DVD Slideshow Builder Deluxe(Build 6.5.1.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.5.1.0 - Wondershare Software Co.,Ltd.)
    ZoomInfo Contact Contributor (HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\ZoomInfo Contact Contributor) (Version: 59 - )

    Packages:
    =========
    Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)
    Calculator+ HD -> C:\Program Files\WindowsApps\3718.12514FB00DC68_5.2.11.0_x64__8aydmnc5fg7fe [2019-12-08] (陈仁松) [MS Ad]
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2000.2.0_x86__kgqvnymyfvs32 [2021-04-14] (king.com)
    Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-28] (Dell Inc)
    Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-01-16] (Dell Inc)
    Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220 [2021-03-20] (Dolby Laboratories)
    Easy Movie Maker -> C:\Program Files\WindowsApps\34697joal.EasyMovieMaker_2.5.21.0_x64__7xtp3aa6dt786 [2021-03-21] (joal)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-24] (AMZN Mobile LLC)
    McAfee® Central for Dell -> C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_5.0.167.1_x64__n49tcsmxt2t2c [2018-03-26] (McAfee Inc)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
    Movie Maker : Free Video Editor -> C:\Program Files\WindowsApps\39691Videopix.MovieMakerFreeVideoEditor_1.1.81.0_x64__dxz7h1qnd1pge [2021-04-14] (Videopix)
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-03] (Microsoft Corporation)
    MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    NCAA® March Madness® Live -> C:\Program Files\WindowsApps\NCAADigital.NCAAMarchMadnessLive_6.0.54.0_x64__kw215ntkhpaf6 [2019-03-18] (Turner Sports Interactive Inc)
    NFL Fantasy Football -> C:\Program Files\WindowsApps\NFLEnterprisesLLC.NFLFantasyFootball_17.9.28.0_neutral__fdrtsdpy8475t [2017-11-18] (NFL Enterprises LLC)
    Perfect365 -> C:\Program Files\WindowsApps\A6B6C710.Perfect365_2.0.0.15_x86__yf4gd00d4hswa [2016-01-24] (ArcSoft, Inc.)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task]
    Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_2.7.0.0_x64__t4vj0pshhgkwm [2021-03-21] (Telegram Messenger LLP)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

  6. #6
    Join Date
    Apr 2021
    Posts
    24
    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    CustomCLSID: HKU\S-1-5-21-3840463180-259134987-2718017145-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc -> Autodesk, Inc.) [File not signed]
    ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files (x86)\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2011-01-14] (Autodesk, Inc -> Autodesk) [File not signed]
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (CyberLink Corp. -> Cyberlink)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-18] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-18] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

  7. #7
    Join Date
    Apr 2021
    Posts
    24
    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Kevin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
    ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=beimhnaefocolcplfimocfiaiefpkgbf
    ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
    ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
    ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"

    ==================== Loaded Modules (Whitelisted) =============

    2020-08-26 17:33 - 2020-08-26 17:33 - 000092672 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\_ctypes.pyd
    2020-08-26 17:33 - 2020-08-26 17:33 - 001093632 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\_hashlib.pyd
    2020-08-26 17:33 - 2020-08-26 17:33 - 000027648 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\_multiprocessing.pyd
    2020-08-26 17:33 - 2020-08-26 17:33 - 000046592 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\_socket.pyd
    2020-08-26 17:33 - 2020-08-26 17:33 - 001412608 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\_ssl.pyd
    2020-08-26 17:29 - 2020-08-26 17:29 - 000071168 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\bz2.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 001665192 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\lib_arpack-.NAOLMBDUCB5HS37DDEMZN5DSFDUEGTBC.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000111875 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\lib_blas_su.5SIDZBJOTYDEVHROQLXNU3SFL52UKCES.gfortran-win32.dll
    2020-08-26 17:29 - 2020-08-26 17:29 - 000103938 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libansari.Q4BAGRNANLWD2YZJOKYPOAUIOLXW2LXK.gfortran-win32.dll
    2020-08-26 17:29 - 2020-08-26 17:29 - 001749763 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libbispeu.KX7AQLB2Z5NFTCADW76YV5UMLBQNDALD.gfortran-win32.dll
    2020-08-26 17:29 - 2020-08-26 17:29 - 000853215 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libblkdta00.G7DFOXPRUYCHKZD36OT33GQ2ORVWO5CC.gfortran-win32.dll
    2020-08-26 17:29 - 2020-08-26 17:29 - 000210335 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libchkder.23IDUBONJEDQJXE3WT2KTJUEFGPJBH5V.gfortran-win32.dll
    2020-08-26 17:29 - 2020-08-26 17:29 - 000830326 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libcobyla2.MZIYBZPTVTYIHRT7JCIZN4FNMM5IPWLD.gfortran-win32.dll
    2020-08-26 17:29 - 2020-08-26 17:29 - 000060054 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libdcsrch.CTD6WPTKUW4MYYPI2KYOJ4427ZGGSXEQ.gfortran-win32.dll
    2020-08-26 17:29 - 2020-08-26 17:29 - 000076482 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libdet.4VQO3BOEG2LIWIGMX5ZYCV4PJP35FD7U.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 001752319 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libdfitpack.NNY5MV75IL2VASF76FBN6G6X7BM7MWXS.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 002219046 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libdgamln.EXHZW7O7OFA5ZY24332CMADP6Z5NX2UF.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000803470 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libdop853.ZDB77F5S63EPO7WWG3LICXZSBW2LFM2N.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000966024 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libdqag.MWSTPFMXZZZHBCZ6TPHW6F3HZAJ32GCF.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000282781 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libgetbreak.5TVRI763Q2TESP6OMV3USZBWB2D4A5G3.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000890549 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\liblbfgsb.DIGGQCC2YKWATHMW4EZGS47NQSG6PSJH.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000145658 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libmvndst.OJR73I5E7C44HCOJAKJH2SZO3V6MOMVF.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000735109 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libnnls.GX3LBH56JRQ7JMAOG7UBTDQJYFS6BPRN.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 027758826 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libopenblas.FN5FF57TWHUYLRG54LA6B33EZPHYZZL4.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000196261 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libslsqp_op.CVAJHOQHKECBN7VLKMGEOZQ54GU3YWV7.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000969301 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libspecfun.I7OMDT5L33XVQM2MTW5AACQJUBYEOUFN.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 001018536 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libvode.HJI7FWQUEZLBFLZW4SXVUEIHYXVHYOMQ.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000058299 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libwrap_dum.2SF326B4F6M5554GNXUOMY5R3DTKQYFW.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000143757 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\libwrap_dum.ZR6LJZIT7V4C32YHXQU6YAVN6LOFTZG5.gfortran-win32.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000105472 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\numpy.core._multiarray_tests.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 001938432 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\numpy.core._multiarray_umath.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000066560 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\numpy.fft.fftpack_lite.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000108544 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\numpy.linalg._umath_linalg.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000012288 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\numpy.linalg.lapack_lite.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000630784 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\numpy.random.mtrand.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 001186304 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.algos.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000515072 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.groupby.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000124928 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.hashing.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000419840 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.hashtable.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000458240 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.index.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000030208 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.indexing.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000184832 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.internals.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 001576960 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.interval.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 001735680 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.join.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000057856 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.json.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000323584 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.lib.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000069632 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.missing.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000150528 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.ops.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000365568 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.parsers.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000043520 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.properties.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000194048 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.reduction.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000173056 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.reshape.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000067072 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.skiplist.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000611328 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.sparse.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000050688 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.testing.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000220672 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslib.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000044032 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.ccalendar.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000271360 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.conversion.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000184832 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.fields.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000103424 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.frequencies.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000130560 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.nattype.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000039936 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.np_datetime.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000299520 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.offsets.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000239616 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.parsing.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000328192 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.period.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000192000 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.resolution.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000274432 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.strptime.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000338432 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.timedeltas.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000357376 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.timestamps.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000160256 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.tslibs.timezones.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000477696 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.window.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000152064 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas._libs.writers.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000053760 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas.io.msgpack._packer.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000065536 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas.io.msgpack._unpacker.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000008704 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pandas.util._move.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000397824 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pythoncom27.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 000110592 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\pywintypes27.dll
    2020-08-26 17:31 - 2020-08-26 17:31 - 000047616 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy._lib._ccallback_c.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000028160 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy._lib.messagestream.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000032768 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.integrate._dop.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000016896 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.integrate._odepack.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000024576 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.integrate._quadpack.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000028160 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.integrate.lsoda.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000035840 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.integrate.vode.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000184320 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.interpolate._bspl.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000028672 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.interpolate._fitpack.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000224768 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.interpolate._ppoly.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000115200 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.interpolate.dfitpack.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000234496 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.interpolate.interpnd.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000027648 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.io.matlab.mio_utils.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000137728 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.io.matlab.mio5_utils.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000081408 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.io.matlab.streams.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000221184 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.linalg._decomp_update.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000497664 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.linalg._fblas.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 001120256 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.linalg._flapack.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000036864 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.linalg._flinalg.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000163840 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.linalg._solve_toeplitz.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000174592 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.linalg.cython_blas.pyd
    2020-08-26 17:30 - 2020-08-26 17:30 - 000545792 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.linalg.cython_lapack.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000024576 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._cobyla.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000126464 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._group_columns.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000026624 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._lbfgsb.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000105984 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._lsq.givens_elimination.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000023040 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._minpack.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000021504 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._nnls.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000030208 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._slsqp.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000232448 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._trlib._trlib.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000010752 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize._zeros.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000025088 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize.minpack2.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000035840 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.optimize.moduleTNC.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000322048 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse._csparsetools.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 002079232 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse._sparsetools.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000131072 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse.csgraph._min_spanning_tree.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000218112 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse.csgraph._reordering.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000186880 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse.csgraph._shortest_path.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000119296 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse.csgraph._tools.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000116736 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse.csgraph._traversal.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000261632 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse.linalg.dsolve._superlu.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000108544 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse.linalg.eigen.arpack._arpack.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000091648 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.sparse.linalg.isolve._iterative.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000042496 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.spatial._distance_wrap.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000122368 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.spatial._hausdorff.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000122368 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.spatial._voronoi.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000345088 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.spatial.ckdtree.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000645632 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.spatial.qhull.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000022016 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.special._comb.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000050688 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.special._ellip_harm_2.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000653312 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.special._ufuncs.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000098304 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.special._ufuncs_cxx.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000077312 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.special.specfun.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000266240 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.stats._stats.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000026624 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.stats.mvn.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000022016 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\scipy.stats.statlib.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000010240 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\select.pyd
    2020-08-26 17:32 - 2020-08-26 17:32 - 000011264 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.__check_build._check_build.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000156160 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.ensemble._gradient_boosting.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000072704 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.metrics.cluster.expected_mutual_info_fast.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000159232 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.metrics.pairwise_fast.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000334848 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.neighbors.ball_tree.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000211968 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.neighbors.dist_metrics.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000335360 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.neighbors.kd_tree.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000091648 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.neighbors.quad_tree.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000017408 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.neighbors.typedefs.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000077824 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.tree._criterion.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000091136 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.tree._splitter.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000160768 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.tree._tree.pyd
    2020-08-26 17:31 - 2020-08-26 17:31 - 000060416 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.tree._utils.pyd
    2020-08-26 17:32 - 2020-08-26 17:32 - 000039936 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.utils._logistic_sigmoid.pyd
    2020-08-26 17:32 - 2020-08-26 17:32 - 000071168 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.utils._random.pyd
    2020-08-26 17:32 - 2020-08-26 17:32 - 000016384 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.utils.lgamma.pyd
    2020-08-26 17:32 - 2020-08-26 17:32 - 000065536 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.utils.murmurhash.pyd
    2020-08-26 17:32 - 2020-08-26 17:32 - 000409088 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\sklearn.utils.sparsefuncs_fast.pyd
    2020-08-26 17:33 - 2020-08-26 17:33 - 000687104 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\unicodedata.pyd
    2020-08-26 17:33 - 2020-08-26 17:33 - 000100864 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\win32api.pyd
    2020-08-26 17:33 - 2020-08-26 17:33 - 000049152 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\win32evtlog.pyd
    2020-08-26 17:33 - 2020-08-26 17:33 - 000167936 _____ () [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\win32gui.pyd
    2014-11-14 15:51 - 2014-11-14 15:51 - 000466432 _____ () [File not signed] C:\WINDOWS\system32\DPPPlugin.dll
    2011-01-14 03:12 - 2011-01-14 03:12 - 000592608 _____ (Autodesk, Inc -> Autodesk, Inc.) [File not signed] C:\Program Files\Autodesk\Inventor Fusion 2012\AcSignCore16.dll
    2011-02-03 19:42 - 2011-02-03 19:42 - 000045280 _____ (Autodesk, Inc -> Autodesk, Inc.) [File not signed] C:\Windows\system32\AcSignIcon.dll
    2014-09-18 19:03 - 2014-09-18 19:03 - 004886528 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\Qt5Core.dll
    2014-09-18 19:04 - 2014-09-18 19:04 - 001060864 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\Qt5Network.dll
    2014-09-18 19:04 - 2014-09-18 19:04 - 000196608 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\Qt5Xml.dll
    2014-10-09 15:54 - 2014-10-09 15:54 - 000297472 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
    2014-10-09 15:54 - 2014-10-09 15:54 - 000541696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
    2020-04-18 06:03 - 2020-04-18 06:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvSubsystems32.dll
    2020-04-18 06:03 - 2020-04-18 06:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
    2015-06-17 18:22 - 2014-09-17 11:10 - 000854680 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
    2020-08-26 17:30 - 2020-08-26 17:30 - 002648064 _____ (Python Software Foundation) [File not signed] C:\Users\Kevin\AppData\Local\ZoomInfoCEUtility\2214\python27.dll
    2018-12-04 13:10 - 2018-12-04 13:10 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
    2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
    2015-12-17 12:11 - 2015-12-17 12:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
    2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000212992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000282624 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000446464 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL
    2015-11-22 20:11 - 2018-12-26 02:00 - 000389120 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000536576 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000258048 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
    2015-11-22 20:11 - 2018-12-25 12:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
    2015-11-22 20:11 - 2018-12-25 12:00 - 000090112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
    2015-11-22 20:11 - 2018-12-25 12:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
    2015-11-22 20:11 - 2018-12-25 12:00 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
    2015-11-22 20:11 - 2018-12-25 12:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
    2015-11-22 20:11 - 2018-12-25 12:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
    2014-03-18 04:00 - 2014-03-18 04:00 - 000493568 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
    2015-11-22 20:11 - 2018-12-26 02:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll
    2014-09-18 17:04 - 2014-09-18 17:04 - 023512540 _____ (The ICU Project) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\icudt52.dll
    2014-09-18 17:04 - 2014-09-18 17:04 - 002281946 _____ (The ICU Project) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\icuin52.dll
    2014-09-18 17:03 - 2014-09-18 17:03 - 001706970 _____ (The ICU Project) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\icuuc52.dll

    ==================== Alternate Data Streams (Whitelisted) ========

  8. #8
    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-3840463180-259134987-2718017145-1001\Software\Classes\.scr: AutoCADScriptFile =>

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-3840463180-259134987-2718017145-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a761e6bb
    HKU\S-1-5-21-3840463180-259134987-2718017145-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
    SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
    SearchScopes: HKU\S-1-5-21-3840463180-259134987-2718017145-1001 -> DefaultScope {7F797493-BB20-4E32-8AD1-BEF98A446D6E} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a761e6bb&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3840463180-259134987-2718017145-1001 -> {7F797493-BB20-4E32-8AD1-BEF98A446D6E} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a761e6bb&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3840463180-259134987-2718017145-1001 -> {F9DB992E-DAB6-4547-85BB-DF3BA02BB0BF} URL =
    SearchScopes: HKU\S-1-5-21-3840463180-259134987-2718017145-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20150627&p={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-07-15] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-07-15] (Oracle America, Inc. -> Oracle Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-06] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-06] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-06] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-06] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3840463180-259134987-2718017145-1001\...\sharepoint.com -> hxxps://easyfence-files.sharepoint.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2017-09-10 10:23 - 2020-11-15 16:47 - 000000434 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-3840463180-259134987-2718017145-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin\Desktop\Aston.JPG
    DNS Servers: 209.18.47.62 - 209.18.47.61
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{CD69E125-8220-409A-A80D-654A79F6F904}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{B48D72D5-B02C-425B-B402-6AB8EFDE8FD0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{4CE4338F-3A74-405E-A001-BB5C4F0D2B6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{2BE29A8D-8A75-43FF-B82E-5E0192BD2F2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [UDP Query User{03289903-2D44-4E23-8F4D-2719C6CC564D}C:\users\kevin\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe] => (Block) C:\users\kevin\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
    FirewallRules: [TCP Query User{933170AC-0AA2-46DA-88A6-95B1E39B5974}C:\users\kevin\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe] => (Block) C:\users\kevin\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
    FirewallRules: [UDP Query User{ED81F525-C800-4E9B-9137-ECCBCF57A9C6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{F25ED9F2-3CD8-4084-BB32-6E7C0605A1A1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [UDP Query User{79CA453C-7AFB-4C14-81F8-80ACEBD9E81F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [TCP Query User{5114AACC-EA94-4794-969F-244C63DB72E4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    FirewallRules: [{9BE1BD83-1E5B-47D6-9AE9-E99104CCB4CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{E32429CF-EE5D-4AE1-9EFE-6C46A22092E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{88F407CE-9D93-4637-81A5-5358A5A0C939}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{68A0B245-EA70-422E-9831-B4DF32227916}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{3A0EC909-6F9F-47D3-947B-A1BEB606A643}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{C41CBDDB-BCDB-4EA3-83E8-3200B5B7A4B0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{0E2957FC-4335-497E-94BE-6EE66F2B76AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{B3697ED3-6E48-482F-A798-C7AED559E4FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A999812E-F17C-4C18-915A-369DD43362A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{EA07E04E-F20E-4AB3-9B07-9F84C0DB7B0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{64ADAE34-B13B-4652-8E0B-F424C1DCD9A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{67A68CCE-7566-489F-9B3F-F5A94876667C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{AE2022BF-83DE-4273-AA23-3CFE2B8B2611}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{4EB63035-3F26-4BDB-AD72-C1272A9DD817}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8CFFFD22-84E7-4C40-B1C2-2E5E711A4835}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9561BFF9-F750-49F2-834F-9493381F2F45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5404C7A9-AC61-4F66-8B48-EA7F91677F4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1536927D-EA9D-45B5-9323-8AA24682BA17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{43C79C4C-FBD6-4EAC-AD21-F3CCAFCB7ED1}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    12-04-2021 05:42:51 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============

    Name: 3D Video Controller
    Description: 3D Video Controller
    Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
    Manufacturer:
    Service:
    Problem: : Reinstall the drivers for this device. (Code 18)
    Resolution: The drivers for this device must be reinstalled.
    Click "Update Driver", which starts the Hardware Update wizard.
    Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (04/14/2021 09:31:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program svchost.exe version 10.0.19041.546 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 97c

    Start Time: 01d7318a79e1651e

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\svchost.exe

    Report Id: 90b28362-20d6-497f-b7cc-8ea523761ace

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown

    Error: (04/14/2021 09:12:00 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\FOREX.com US\terminal.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.

    Error: (04/14/2021 09:04:47 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\FOREX.com US\terminal.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.

    Error: (04/14/2021 08:55:41 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\FOREX.com US\terminal.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.

    Error: (04/14/2021 08:39:11 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\FOREX.com US\terminal.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.

    Error: (04/14/2021 08:34:06 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhostw (1744,G,0) An attempt to open the file "C:\Users\Kevin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (04/14/2021 08:16:45 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (1744,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Kevin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (04/14/2021 08:16:45 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (1744,R,98) WebCacheLocal: An attempt to open the file "C:\Users\Kevin\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


    System errors:
    =============
    Error: (04/14/2021 08:55:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070003: 9WZDNCRFHWLH-AD2F1837.HPPRINTERCONTROL.

    Error: (04/14/2021 08:10:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Dell Client Management Service service failed to start due to the following error:
    The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

    Error: (04/14/2021 08:10:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Dell Help & Support service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/14/2021 08:10:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (60000 milliseconds) while waiting for the Dell Help & Support service to connect.

    Error: (04/14/2021 08:01:23 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 7:34:39 PM on 4/14/2021 was unexpected.

    Error: (04/14/2021 07:31:25 PM) (Source: DCOM) (EventID: 10010) (User: MAC)
    Description: The server microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

    Error: (04/13/2021 08:19:11 PM) (Source: DCOM) (EventID: 10010) (User: MAC)
    Description: The server microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

    Error: (04/12/2021 10:09:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070003: 9WZDNCRFHWLH-AD2F1837.HPPRINTERCONTROL.


    Windows Defender:
    ================
    Date: 2021-04-13 21:24:20
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-04-12 21:23:34
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-04-09 04:54:37
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-04-07 20:07:19
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-04-06 20:55:42
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-03-14 14:57:27
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.333.368.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17900.7
    Error code: 0x8024001e
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-03-13 21:07:08
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    Date: 2021-03-13 20:58:35
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    CodeIntegrity:
    ===============
    Date: 2021-04-14 05:37:37
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    BIOS: Dell Inc. A04 03/25/2015
    Motherboard: Dell Inc. 0KY4RW
    Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
    Percentage of memory in use: 45%
    Total physical RAM: 16295.65 MB
    Available physical RAM: 8816 MB
    Total Virtual: 18727.65 MB
    Available Virtual: 10002.08 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:921.15 GB) (Free:784.62 GB) NTFS
    Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
    Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.42 GB) NTFS
    Drive x: (PBR Image) (Fixed) (Total:8.47 GB) (Free:0.72 GB) NTFS

    \\?\Volume{84a0abf1-09b6-4552-9416-80a3b6b48d00}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
    \\?\Volume{24d3188d-19fa-11e5-8259-3402869dd5c7}\ (TOSHIBA EXT) (Fixed) (Total:465.66 GB) (Free:0.78 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 10DBEA1C)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: D1288193)
    Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================

  9. #9
    Join Date
    Apr 2021
    Posts
    24
    I think I got it all

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  11. #11
    Join Date
    Apr 2021
    Posts
    24
    RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.19041) 64 bits
    Started in : Normal mode
    User : Kevin [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20210419_123737, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2021/04/19 21:50:14 (Duration : 06:05:27)
    Switches : -minimize

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    >>>>>> XX - Software
    [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3840463180-259134987-2718017145-1001\Software\APN PIP -- N/A -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    >>>>>> Firefox Config
    [PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine (C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\bostehxn.default\prefs.js) -- Secure Search -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  12. #12
    Join Date
    Apr 2021
    Posts
    24
    RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.19041) 64 bits
    Started in : Normal mode
    User : Kevin [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20210419_123737, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2021/04/20 07:40:20 (Duration : 06:05:27)
    Switches : -minimize

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3840463180-259134987-2718017145-1001\Software\APN PIP -- -> Deleted
    [PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Secure Search -> Deleted

  13. #13
    Join Date
    Apr 2021
    Posts
    24
    I'll do the other two tonight

  14. #14
    Join Date
    Apr 2021
    Posts
    24
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 4/20/21
    Scan Time: 2:53 AM
    Log File: 0fe87770-a1a5-11eb-a4a6-20474717446f.json

    -Software Information-
    Version: 4.3.0.98
    Components Version: 1.0.1251
    Update Package Version: 1.0.39611
    License: Premium

    -System Information-
    OS: Windows 10 (Build 19041.928)
    CPU: x64
    File System: NTFS
    User: System

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Scheduler
    Result: Completed
    Objects Scanned: 343300
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 1 hr, 14 min, 56 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    AdwCleaner?
