
infected with bestfaustcaptcha [Solved]


  • This topic is locked

#31
DR M


    The Grecian Geek

  • Malware Removal
  • 4,113 posts

This is an old version of Malwarebytes.
 
To uninstall it:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
    Malwarebytes Anti-Malware
  • Select the above program and click Uninstall.
  • Restart the computer.

Then,

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items ALL options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

  • 0



#32
scewter


    Member

  • Topic Starter
  • 149 posts

Uninstallation of old and Premium version installed and scanned.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/5/22
Scan Time: 9:04 AM
Log File: 7f96c8d4-868c-11ec-9eaa-004e01b3ca92.json
 
-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.50737
License: Trial
 
-System Information-
OS: Windows 10 (Build 19043.1466)
CPU: x64
File System: NTFS
User: ScottsOfficeDesktop\scodo
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 305157
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 57 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#33
DR M


    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Malwarebytes report returned clean.

Now, we are going to clean what AdwCleaner found:

AdwCleaner (Clean mode)

The findings in the Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log. (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number.)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

  • 0

#34
scewter


    Member

  • Topic Starter
  • 149 posts

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2022-02-03.4 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-05-2022
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  26
# Awaiting reboot:4
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68BC6866-95BE-4BB8-AED8-281F9617FDA1} 
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68BC6866-95BE-4BB8-AED8-281F9617FDA1} 
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted       Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
***** Reboot Required to Complete *****
 
 
***** [ Folders ] *****
 
Cleaning failed   C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Cleaning failed   C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed   C:\ProgramData\DELL\UPDATESERVICE
 
*************************
 
AdwCleaner[S00].txt - [4306 octets] - [05/02/2022 08:14:29]
AdwCleaner[S01].txt - [4367 octets] - [05/02/2022 09:19:55]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

  • 0
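The clean log in post #34 shows `Failed: 0` in its header, while four folders marked `Needs Reboot` are listed again as `Cleaning failed` after the reboot marker. The following is an added example, not part of the original posts and not AdwCleaner's own code: a small parser that tallies a clean log and lists what is still present after the reboot. The line layout is assumed from the log in this thread, and the sample log inside the block is constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the clean log posted in this thread.
# Vendor names, paths and counts are made up for the example.
SAMPLE_LOG = r"""# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Mode: Clean
# Cleaned:  5
# Awaiting reboot:1
# Failed:   0

***** [ Folders ] *****

Deleted       C:\ExampleVendor\ExampleTool

***** [ Files ] *****

No malicious files cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\ExampleVendor\ExampleTool
Deleted       HKCU\Software\ExampleVendor

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.ExampleAgent   Folder   C:\ProgramData\EXAMPLE\AGENT
Needs Reboot  Preinstalled.ExampleAgent   Folder   C:\Program Files\EXAMPLE\AGENT

*************************

***** Reboot Required to Complete *****

***** [ Folders ] *****

Cleaning failed   C:\Program Files\EXAMPLE\AGENT

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
"""

# "# Key: value" header lines; banner rows and the EOF line do not match.
HEADER_RE = re.compile(r"^#\s+([A-Za-z][^:]*):\s*(.*)$")
# "***** [ Section ] *****" section titles.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Result lines: a status word, two or more spaces, then the item.
ENTRY_RE = re.compile(r"^(Deleted|Needs Reboot|Cleaning failed)\s{2,}(.+)$")


def parse_clean_log(text):
    """Return (header dict, list of entry dicts) for a clean log."""
    header, entries = {}, []
    section, phase = None, "clean"
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            header[m.group(1).strip()] = m.group(2).strip()
        elif "Reboot Required to Complete" in line:
            # Everything after this marker describes the post-reboot pass.
            phase = "after-reboot"
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := ENTRY_RE.match(line):
            # Preinstalled lines carry "<name>   <type>   <path>";
            # the item itself is always the last column.
            target = re.split(r"\s{2,}", m.group(2).strip())[-1]
            entries.append({"phase": phase, "section": section,
                            "status": m.group(1), "target": target})
    return header, entries


def triage(text):
    """Summarise a clean log and list items that survived the reboot."""
    header, entries = parse_clean_log(text)
    pending = {e["target"].lower() for e in entries
               if e["status"] == "Needs Reboot"}
    failed = [e["target"] for e in entries
              if e["status"] == "Cleaning failed"]
    return {
        "header": {k: header.get(k)
                   for k in ("Mode", "Cleaned", "Awaiting reboot", "Failed")},
        "tally": dict(Counter(e["status"] for e in entries)),
        # Items the tool reports it could not remove: check these by hand.
        "still_present": failed,
        # Subset that had been deferred to the reboot (Windows paths are
        # compared case-insensitively).
        "failed_were_pending": [p for p in failed if p.lower() in pending],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```
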

#35
DR M


    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Perfect!
 
Let's now see fresh FRST logs.

  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

  • 0

#36
scewter


    Member

  • Topic Starter
  • 149 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
Ran by scodo (administrator) on SCOTTSOFFICEDES (Dell Inc. XPS 8930) (05-02-2022 09:34:05)
Running from C:\Users\scodo\OneDrive\Desktop
Loaded Profiles: scodo
Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PowerPanel Personal.exe
() [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ppped.exe
() [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\pppServiceMonitor.exe
(ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(CANON INC. -> CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Cyber Power Systems, Inc.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppuser.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_de0cf7bbf26b8ed4\aesm_service.exe
(Intel Corporation -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\scodo\OneDrive\Desktop\AdwCleaner.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\scodo\AppData\Local\Microsoft\OneDrive\22.012.0116.0001\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> Intel Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-08-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617848 2021-08-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC. -> CANON INC.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis International GmbH -> Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-14] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC. -> CANON INC.)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10985776 2022-01-15] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\scodo\AppData\Local\Microsoft\Teams\Update.exe [2459344 2021-12-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\WINDOWS\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon WSD Language Monitor: C:\WINDOWS\system32\cnnx0_flm.dll [1498112 2014-04-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-20] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerPanel Personal.exe.lnk [2021-11-04]
ShortcutTarget: PowerPanel Personal.exe.lnk -> C:\Program Files (x86)\CyberPower PowerPanel Personal\PowerPanel Personal.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ppuser.exe.lnk [2021-11-04]
ShortcutTarget: ppuser.exe.lnk -> C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppuser.exe (Cyber Power Systems, Inc.) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B583843-87EB-4120-AF34-B7A74D199A4C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
Task: {2B1C3D07-1421-42B3-8B48-F96208F7F9C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {46B2BE06-14B0-4AF4-81A1-EDD86DCA2312} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56A776D6-4D80-44CD-91EC-82D92D959752} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A98ECF9-5C18-4D97-9B90-85D9DE5896FD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {960B4130-C05D-4295-8D7D-9E9B12D3FF2E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {97850CC1-5C15-4892-94D8-EC860846E902} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-03] (Google LLC -> Google LLC)
Task: {9A4EACDA-6210-4E01-ACC0-38BD8ABE899A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FC974D7-76E6-43A5-A36E-974322907CEC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B8A1D95B-F23B-44DF-B82E-B4CC6ACD7E78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-03] (Google LLC -> Google LLC)
Task: {D19065FF-57A8-43CC-B2DC-31FF2E0A3552} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1172360 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8BC98FF-CAAF-4A1C-9E33-2E049D231347} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F5124424-0BF7-4855-8CDB-8D4F62DC102E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0cdb6014-279f-4f7f-843d-dc9d6a3aa7a0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a235eab2-c774-4ff8-bf15-571d48ac6748}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
DownloadDir: C:\Users\scodo\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> hxxp://www.google.com/
Edge Notifications: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> hxxps://calendar.google.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\scodo\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-04]
Edge DownloadDir: Default -> C:\Users\scodo\Downloads
Edge Notifications: Default -> hxxps://calendar.google.com
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
 
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2087068202-1813543609-1746243882-1002: SkypeForBusinessPlugin-16.2 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2087068202-1813543609-1746243882-1002: SkypeForBusinessPlugin64-16.2 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\scodo\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-08-05]
 
Chrome: 
=======
CHR Profile: C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default [2022-02-05]
CHR DownloadDir: C:\Users\scodo\OneDrive\Desktop
CHR HomePage: Default -> hxxps://192.168.1.1/login?redirect=%2F
CHR Extension: (Google Drive) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-03]
CHR Extension: (Cisco Webex Extension) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1263424 2014-08-14] (Acronis International GmbH -> Acronis)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3996664 2020-01-03] (Acronis International GmbH -> Acronis)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [436256 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3847712 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [462880 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
S3 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [40656 2020-04-09] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1024680 2021-09-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-11-11] (Dell Inc -> )
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73496 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2360616 2021-05-25] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2756896 2021-05-25] (Rivet Networks LLC -> Rivet Networks)
R3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73488 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-02-05] (Malwarebytes Inc -> Malwarebytes)
R2 PowerPanel Personal Service; C:\Program Files (x86)\CyberPower PowerPanel Personal\ppped.exe [11264 2021-08-03] () [File not signed]
R2 PowerPanel Personal Service Monitor; C:\Program Files (x86)\CyberPower PowerPanel Personal\pppServiceMonitor.exe [1186304 2021-08-03] () [File not signed]
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-11-15] (Dell Inc -> Dell Inc.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6847712 2014-09-13] (Acronis International GmbH -> Acronis)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [74016 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [74024 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 Dell SupportAssist Remediation; "C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-11-08] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2022-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [296736 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [189336 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-02-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-02-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-02-05] (Malwarebytes Inc -> Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [1058632 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [248648 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-02-05 09:25 - 2022-02-05 09:25 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-02-05 09:25 - 2022-02-05 09:25 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-02-05 09:25 - 2022-02-05 09:25 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-02-05 09:01 - 2022-02-05 09:01 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-02-05 09:01 - 2022-02-05 09:01 - 000000000 ____D C:\Users\scodo\AppData\Local\mbam
2022-02-05 09:01 - 2022-02-05 09:01 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-05 08:14 - 2022-02-05 09:23 - 000000000 ____D C:\AdwCleaner
2022-02-04 12:14 - 2022-02-04 12:14 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-02-04 06:42 - 2022-02-04 12:18 - 001605886 _____ C:\WINDOWS\ntbtlog.txt
2022-02-03 18:21 - 2022-02-03 18:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2022-02-03 18:07 - 2022-02-03 18:07 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-02-03 08:50 - 2022-02-03 08:50 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2087068202-1813543609-1746243882-1002
2022-02-03 08:50 - 2022-02-03 08:50 - 000002432 _____ C:\Users\scodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-02 16:51 - 2022-02-02 16:51 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2022-02-02 15:10 - 2022-02-05 09:34 - 000000000 ____D C:\FRST
2022-02-02 15:07 - 2022-02-02 15:07 - 002299904 _____ (Farbar) C:\Users\scodo\Downloads\FRST64.exe
2022-01-22 12:47 - 2022-01-22 12:47 - 000090576 _____ C:\Users\scodo\Downloads\9292250-ReturnBendCxC-Wrot-638 (2).pdf
2022-01-22 12:46 - 2022-01-22 12:46 - 000090576 _____ C:\Users\scodo\Downloads\9292250-ReturnBendCxC-Wrot-638 (1).pdf
2022-01-22 12:42 - 2022-01-22 12:42 - 000090576 _____ C:\Users\scodo\Downloads\9292250-ReturnBendCxC-Wrot-638.pdf
2022-01-22 12:05 - 2022-01-22 12:05 - 000525768 _____ C:\Users\scodo\Downloads\Wrot_Cast_Consolidated_Price_List_183_ Effective_May_17_2021.xlsx
2022-01-21 10:25 - 2022-01-21 10:25 - 000217332 _____ C:\Users\scodo\Downloads\Square D™ QO™ and QOB Miniature Circuit Breakers_QO260CP.pdf
2022-01-21 10:03 - 2022-01-21 10:03 - 000116881 _____ C:\Users\scodo\Downloads\QO™ Load Centers_QOC20U100F.pdf
2022-01-20 09:55 - 2022-01-20 09:55 - 000041110 _____ C:\Users\scodo\Downloads\social-security-statement.pdf
2022-01-14 13:36 - 2022-01-14 13:36 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-14 13:35 - 2022-01-14 13:35 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-14 13:35 - 2022-01-14 13:35 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-13 10:16 - 2022-01-13 10:16 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-13 10:16 - 2022-01-13 10:16 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-01-13 10:16 - 2022-01-13 10:16 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-01-12 09:15 - 2022-01-12 09:15 - 000000000 ___HD C:\$WinREAgent
2022-01-07 10:45 - 2022-01-07 10:45 - 000620244 _____ C:\Users\scodo\Downloads\Annual Statement 2021.pdf
2022-01-06 11:47 - 2022-01-06 11:47 - 000051937 _____ C:\Users\scodo\Downloads\Brokerage Trade Transaction - 2022-01-06T114740.853.pdf
2022-01-06 11:47 - 2022-01-06 11:47 - 000049057 _____ C:\Users\scodo\Downloads\Brokerage Trade Transaction - 2022-01-06T114737.963.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-02-05 09:32 - 2020-01-03 16:18 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-05 09:30 - 2020-11-08 10:19 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-05 09:30 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-02-05 09:25 - 2020-11-08 10:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-05 09:25 - 2020-11-08 10:11 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-05 09:25 - 2019-12-30 15:43 - 000000000 ___RD C:\Users\scodo\OneDrive
2022-02-05 09:25 - 2019-12-30 15:41 - 000000000 __SHD C:\Users\scodo\IntelGraphicsProfiles
2022-02-05 09:25 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-05 09:25 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-05 09:25 - 2019-12-06 13:02 - 000000000 ____D C:\Intel
2022-02-05 09:23 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-05 09:23 - 2019-12-06 13:01 - 000000000 ____D C:\Program Files\Dell
2022-02-05 09:01 - 2020-01-03 15:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-05 09:01 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-02-05 08:03 - 2020-11-08 10:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-04 12:37 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-04 12:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-04 10:48 - 2020-01-07 23:01 - 000000000 ____D C:\Users\scodo\AppData\LocalLow\Temp
2022-02-04 06:39 - 2020-11-08 09:43 - 000000000 ____D C:\Users\scodo
2022-02-04 05:50 - 2020-07-14 13:18 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-03 18:07 - 2020-01-03 12:24 - 000000000 ____D C:\Users\scodo\AppData\Roaming\IObit
2022-02-03 18:07 - 2020-01-03 12:24 - 000000000 ____D C:\Users\scodo\AppData\LocalLow\IObit
2022-02-03 18:07 - 2020-01-03 12:24 - 000000000 ____D C:\Program Files (x86)\IObit
2022-02-03 18:06 - 2020-01-03 12:24 - 000000000 ____D C:\ProgramData\IObit
2022-02-03 08:50 - 2021-12-12 09:37 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2087068202-1813543609-1746243882-1002
2022-02-01 21:02 - 2020-01-03 12:24 - 000000000 ____D C:\ProgramData\ProductData
2022-02-01 20:57 - 2020-01-09 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-02-01 20:57 - 2020-01-03 16:18 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2022-01-26 09:14 - 2020-11-08 10:14 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-26 09:14 - 2020-11-08 10:14 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-24 15:09 - 2019-12-30 15:41 - 000000000 ____D C:\Users\scodo\AppData\Local\Packages
2022-01-21 14:27 - 2020-11-08 10:14 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-21 14:27 - 2020-11-08 10:14 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-20 08:56 - 2020-01-03 16:18 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-16 07:27 - 2021-06-15 07:44 - 000000000 ____D C:\Users\scodo\AppData\Roaming\MediaMonkey5
2022-01-14 22:36 - 2020-01-03 16:50 - 000000000 ____D C:\Users\scodo\AppData\Local\Adobe
2022-01-14 22:23 - 2020-11-08 10:11 - 000441600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-14 13:37 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-14 13:32 - 2019-12-30 18:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-14 13:31 - 2019-12-30 18:46 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2020-01-08 11:53 - 2020-01-08 11:53 - 000000135 _____ () C:\Users\scodo\AppData\Roaming\pppe_log.txt
2019-12-30 17:01 - 2020-01-03 12:05 - 000007679 _____ () C:\Users\scodo\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by scodo (05-02-2022 09:34:59)
Running from C:\Users\scodo\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) (2020-11-08 15:14:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2087068202-1813543609-1746243882-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2087068202-1813543609-1746243882-503 - Limited - Disabled)
Guest (S-1-5-21-2087068202-1813543609-1746243882-501 - Limited - Disabled)
scodo (S-1-5-21-2087068202-1813543609-1746243882-1002 - Administrator - Enabled) => C:\Users\scodo
WDAGUtilityAccount (S-1-5-21-2087068202-1813543609-1746243882-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}) (Version: 18.0.6613 - Acronis) Hidden
Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}Visible) (Version: 18.0.6613 - Acronis)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.011.20039 - Adobe)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF220 Series (HKLM\...\{33A079E0-BF49-4E97-9293-3EDDA6D130A4}) (Version: 4.5.0.0 - CANON INC.)
Cisco Webex Meetings (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\ActiveTouchMeetingClient) (Version: 41.2.4 - Cisco Webex LLC)
CrystalDiskInfo 8.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.1.0 - Crystal Dew World)
CrystalDiskInfo 8.12.4 (64-bit) (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.4 - Crystal Dew World)
CyberPower PowerPanel Personal 2.3.0 (HKLM-x32\...\5708-0475-1423-7128) (Version: 2.3.0 - CyberPower Systems, Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{CC5730C7-C867-43BD-94DA-00BB3836906F}) (Version: 4.0.52.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{2D27B76E-8FB1-495B-A61D-FB76349E7E36}) (Version: 3.1.9518 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{E0659C89-D276-4B77-A5EC-A8F2F042E78F}) (Version: 3.10.4.18 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E21419F5-2AA6-439C-B2C1-840083A05BC5}) (Version: 5.5.0.16041 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{db72dcd5-bf99-4888-b104-cb605b82ec8a}) (Version: 5.5.0.16041 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.4.0 - Dell Inc.)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0000 - SEIKO EPSON Corp.)
EPSON WorkForce GT-1500 Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON WorkForce GT-1500_is1) (Version: 3.0.2.0 - Epson America Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1932.12.0.1298 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{05817e4d-5f15-49b4-afec-7edb31fc7dd6}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{7EBADAB6-B7AC-4560-85A7-FF345559F193}) (Version: 17.2.6.1027 - Intel Corporation)
ISIS Driver - EPSON GT-1500 v1.0 (HKLM-x32\...\{D41864EF-CC5D-4CF4-B0B9-CA3152164157}) (Version: 1.0 - EMC Captiva)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{B6A1310A-C2C4-4401-8563-7F8B2BFF7643}) (Version: 2.1.1295 - Rivet Networks)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
MasterCook 15 (HKLM-x32\...\{1E492158-401F-434B-957B-477D6B5A46AA}) (Version: 15.00.24 - Valusoft Cosmi)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MediaMonkey 5 (HKLM-x32\...\MediaMonkey 5_is1) (Version: 5 - Ventis Media Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14827.20158 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\OneDriveSetup.exe) (Version: 22.012.0116.0001 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Teams) (Version: 1.4.00.31569 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
ScanSoft PaperPort 11 (HKLM-x32\...\{DEA18FF6-D84A-4242-9663-692E5BA56805}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1048 - SUPERAntiSpyware.com)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.0.0.0 - CANON INC.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\ZoomUMX) (Version: 5.8.7 (2058) - Zoom Video Communications, Inc.)
 
Packages:
=========
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2020-01-08] (Canon Inc.)
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2019-12-30] (Dell Inc)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2021-11-20] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-08-11] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2021-09-20] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.7.0_x64__htrsf667h5kn2 [2021-11-22] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.4.18.0_x86__htrsf667h5kn2 [2021-11-13] (Dell Inc)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1021.524.0_x64__rh07ty8m5nkag [2021-10-22] (Rivet Networks LLC) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1817.0_x64__8wekyb3d8bbwe [2021-12-14] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-29] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.92.17.0_x64__htrsf667h5kn2 [2021-11-04] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-30] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\scodo\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21229.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxDTCM.dll [2021-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis International GmbH -> Acronis)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-11-04 12:22 - 2017-09-15 00:35 - 000128512 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\_cffi_backend.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 001196032 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppbedrv.dll
2021-11-04 12:23 - 2021-11-04 12:23 - 000163840 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppbedrvc.dll
2021-11-04 12:22 - 2021-08-03 02:32 - 000023040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\AdvancedHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\AppTrayHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DeviceConfigHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DevicePropHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000020992 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DeviceStatusHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000023552 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\EnergyHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\EventLogsHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\MenuHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000029696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\NotificationHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\RuntimeHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\ScheduleHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000019968 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SelfTestHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SoftwareUpdateHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SummaryHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\VoltageHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientModel\DaemonStatus.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\BypassEventCount.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DesktopInteractiveServer.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceConfigure.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceLogHelper.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000110592 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceMonitor.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000055296 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DevicePropertiesFetcher.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:28 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\EnergyRecorder.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:29 - 000079360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\EventAnalyzer.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:29 - 000100864 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\MobileDataProvider.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:29 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\TransactionHelper.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000055808 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\WebAppController.cp36-win32.pyd
2021-11-04 12:22 - 2017-09-15 00:35 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_constant_time.pyd
2021-11-04 12:22 - 2017-09-15 00:35 - 002095616 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_openssl.pyd
2021-11-04 12:22 - 2017-09-15 00:35 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_padding.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Events\Event.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Events\EventsMobile.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000045568 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\AdvancedHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\AppTrayHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DeviceConfigHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DevicePropHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DeviceStatusHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\EnergyHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\EventLogsHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000026624 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\NotificationHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\RuntimeHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000038400 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\ScheduleHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SelfTestHandler.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000067072 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SoftwareUpdateHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000014848 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SummaryHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\VoltageHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:34 - 000079360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\AppClient.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:35 - 000093696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\AppServer.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:35 - 000010240 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\Command.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:35 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\Verification.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000096256 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DataSource2.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DBSession.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Device.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000029696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DevicePropertiesData.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000043520 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DevicePushMessageData.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000033792 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DeviceStatusData.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000020480 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DriverTransaction.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Statement.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Transaction.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\UpdateStatusData.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000036352 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\WebAppData.cp36-win32.pyd
2021-11-04 12:22 - 2017-12-07 06:05 - 001751040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtCore.pyd
2021-11-04 12:22 - 2017-12-07 06:05 - 001879040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtGui.pyd
2021-11-04 12:22 - 2017-12-07 06:05 - 000513024 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtNetwork.pyd
2021-11-04 12:22 - 2017-12-07 06:05 - 003814400 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtWidgets.pyd
2021-11-04 12:22 - 2017-06-21 01:02 - 000111616 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\pywintypes36.dll
2021-11-04 12:22 - 2017-03-13 14:15 - 000033792 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\servicemanager.pyd
2021-11-04 12:22 - 2017-12-07 06:06 - 000084992 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sip.pyd
2021-11-04 12:22 - 2017-07-05 10:30 - 000013824 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cprocessors.cp36-win32.pyd
2021-11-04 12:22 - 2017-07-05 10:30 - 000014848 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cresultproxy.cp36-win32.pyd
2021-11-04 12:22 - 2017-07-05 10:30 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cutils.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000008192 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\buildConfig.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000029184 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\loggerSetting.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\module.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\settings.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\systemDefine.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\systemFunction.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000021504 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\ValueId.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\DataCryptor.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000043520 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\EmailSender.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HelpOpener.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HibernateMac.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HibernateWin.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\i18nTranslater.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000031232 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\Logger.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000024576 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\OAuthManagement.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000018944 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\OSOperator.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000020480 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\RequestImp.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000068096 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\Scheduler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000012800 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownMac.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownUtil.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000012800 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownWin.cp36-win32.pyd
2021-11-04 12:22 - 2017-03-13 14:15 - 000103424 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32api.pyd
2021-11-04 12:22 - 2017-03-13 14:14 - 000021504 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32event.pyd
2021-11-04 12:22 - 2017-03-13 14:15 - 000173568 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32gui.pyd
2021-11-04 12:22 - 2017-03-13 14:15 - 000046592 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32service.pyd
2005-09-07 12:03 - 2005-09-07 12:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\ScanSoft\PaperPort\blicectr.dll
2020-01-08 12:28 - 2014-04-10 09:19 - 000002048 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask_EN.dll
2020-01-08 12:27 - 2013-01-31 13:21 - 000152064 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCENPM6.dll
2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qgif.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000033280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qicns.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000027648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qico.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qjpeg.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qtga.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000327680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qtiff.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qwbmp.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000401408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qwebp.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 001096704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\platforms\qwindows.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004770816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Core.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004964352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Gui.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000960000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Network.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004460544 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Widgets.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004770816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Core.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004964352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Gui.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000960000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Network.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004460544 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Widgets.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\scodo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "MFNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A71D3F24-83E1-410A-8003-472C26319771}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{A064B162-F007-46EE-91E1-3722110F4C50}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A7015658-1F20-4EB4-872B-FC8D47DD4C91}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{22FF5CFA-5C8F-4A0F-831A-34369EECE935}C:\users\scodo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{95A5E8C2-83EF-4535-9898-BDC239FF2030}C:\users\scodo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0C0AD96C-C2B1-4D56-8991-1563F60B85CC}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{51DC7D9B-114B-4EED-A5B6-42ECB96EA260}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{9EDD681E-3C8C-420D-BEF0-739C8A5B7C2D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{21EC6AF1-43D3-490C-A65A-A89930A84211}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{4D42C5B1-C318-49DA-97AF-FD0AE72CBDEF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{DA5EC753-780C-46A5-8D13-7DCE8670A162}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{5222925D-3EB1-460B-849C-85E69585FAB0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{0D92C352-AAAC-40F0-ACF3-06BAB4DF5750}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{6F3B2C48-DAE7-472A-8A81-F0F072DD5A6C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{496E6070-A5AD-4B52-A37C-B01E95B11EB6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{9D82FF59-510B-4FA5-AE28-F6A1AA7E26BB}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8BBB3A4F-963D-4FD9-9A6B-C040EFA596BE}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{74BE710C-209A-40DC-B961-D53227071C4C}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{892F6501-76C0-44E6-8701-CEA4A9287D3E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{B6323966-ABAB-4E99-B431-0B3BFC6BE352}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{C035682D-3500-4F77-813D-F2D513AD4B52}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{8035AA65-2DFF-4BDE-802E-86F1ED9AE657}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{0554D128-1D9F-4A38-909F-2EDE1A096C6F}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{ACB6959A-9082-405B-9F57-9F7ECE2E49E9}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [TCP Query User{21B9E576-19E9-4548-88C9-AA0D0BBA0B84}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0BDF7673-B245-4AE1-93B8-13621FB8E6A2}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5477D0C-9276-4077-B7F4-6FCEB6B66EF1}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AE184C53-41CF-4DFF-B987-ABC4C8B15631}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DC2A4F04-66F8-41BD-9085-F2F0FF7FDD90}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C74C798B-A581-4B29-8143-EAC34D5E1A4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8628598A-2571-4A0F-B33B-00A652F9D195}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3BD4FA97-4396-4EC2-85E4-10C24FD1CB05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E9887B1-2721-4C29-B642-6F3B29149B15}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4E26AFB-6018-4BA2-82AF-3E43664FD4C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{56BB7934-8196-49C3-A0C6-457B32887C6B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE52F23F-2FC5-41B0-B4BD-C120D6FF4873}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
23-01-2022 10:51:09 Scheduled Checkpoint
01-02-2022 11:51:51 Scheduled Checkpoint
03-02-2022 18:29:28 Restore Point Created by FRST
04-02-2022 05:56:05 Restore Point Created by FRST
05-02-2022 09:23:22 AdwCleaner_BeforeCleaning_05/02/2022_09:23:21
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/05/2022 08:53:25 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (02/05/2022 08:53:25 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (02/05/2022 08:53:25 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (02/05/2022 08:53:25 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (02/05/2022 08:53:22 AM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
 
Traceback (most recent call last):
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
  File "WinService.py", line 169, in SvcDoRun
    self.daemon.start()
  File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
 
%2: %3
 
Error: (02/04/2022 12:14:01 PM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
 
Traceback (most recent call last):
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
  File "WinService.py", line 169, in SvcDoRun
    self.daemon.start()
  File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
 
%2: %3
 
Error: (02/04/2022 11:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KNDBWM.exe, version: 3.1021.524.1, time stamp: 0x60ab4441
Faulting module name: KNDBWM.exe, version: 3.1021.524.1, time stamp: 0x60ab4441
Exception code: 0xc0000005
Fault offset: 0x000000000007a104
Faulting process id: 0x1a64
Faulting application start time: 0x01d819e3e6a97947
Faulting application path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
Faulting module path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
Report Id: 8b143b49-9776-4c2d-96d7-e2ba4d5237be
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/04/2022 10:56:15 AM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
 
Traceback (most recent call last):
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
  File "WinService.py", line 169, in SvcDoRun
    self.daemon.start()
  File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
 
%2: %3
 
 
System errors:
=============
Error: (02/05/2022 09:28:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Remediation service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/05/2022 09:25:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/05/2022 09:23:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Content Protection HECI Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/05/2022 09:23:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/05/2022 09:23:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell SupportAssist Remediation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/05/2022 09:23:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Nonstop Backup Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/05/2022 09:23:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Hardware Support service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/05/2022 09:23:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2022-02-01 11:50:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-30 10:05:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-29 12:19:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-28 09:58:07
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-27 14:25:47
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2022-02-04 12:14:42
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2022-02-04 11:06:56
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.357.84.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18900.2
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
Date: 2022-02-04 10:56:53
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2022-02-04 10:07:40
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.357.84.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18900.2
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
Date: 2022-02-04 09:57:38
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.1.18 09/06/2021
Motherboard: Dell Inc. 0T2HR0
Processor: Intel® Core™ i7-9700 CPU @ 3.00GHz
Percentage of memory in use: 29%
Total physical RAM: 16190.91 MB
Available physical RAM: 11469.82 MB
Total Virtual: 18622.91 MB
Available Virtual: 13619.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:223.19 GB) (Free:148.96 GB) NTFS
Drive s: (Audio/Video) (Fixed) (Total:833.84 GB) (Free:652.47 GB) NTFS
Drive t: (Misc Data) (Fixed) (Total:97.66 GB) (Free:59.56 GB) NTFS
 
\\?\Volume{32f547c6-c831-48bd-b930-186e67c7499a}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.58 GB) NTFS
\\?\Volume{4505f415-94fa-480c-95da-2643ae05f561}\ (Image) (Fixed) (Total:12.32 GB) (Free:0.18 GB) NTFS
\\?\Volume{62156c42-d9ec-43fd-a0fa-4727839d5129}\ (DELLSUPPORT) (Fixed) (Total:1.22 GB) (Free:0.43 GB) NTFS
\\?\Volume{d188605c-5e7d-480f-96f7-ecb1888c371d}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.55 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 0BEC2E74)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#37
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Some comments:
 
1. Chrome Home Page
 
It seems that your Home Page returned to this: 192.168.1.1/login?redirect=%2F
 
Is it something you recognize or intentionally set?
 
 
2. Preinstalled Software
 
Since you chose to remove it, you may also consider uninstalling these:
 
Dell SupportAssist
Dell SupportAssist OS Recovery Plugin for Dell Update
Dell SupportAssist Remediation 
Dell Update for Windows Universal
 
 
3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Download the attached fixlist and save it next to the FRST tool on your Desktop.
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  1. A reply about Chrome Home page
  2. If you uninstalled any of the programs in step 2
  3. The fixlog.txt
  4. Feedback: How is the computer running now? 


#38
scewter

    Member

  • Topic Starter
  • Member
  • 149 posts

Couple quick answers:

 

1. Home page - I set that up as a quick way to get to our router - which actually does more than just internet routing. If you see a security problem with this, let me know and that can be changed.

 

2. Pre-installed software - most definitely want to rid this computer of all bloatware. I'm with you on "if you don't use it, get rid of it". I'll occasionally look at the Task Mgr process tab to see how many are running. Have spent a bit of time on older Win OS's and older computers trying to keep that slimmed down as the system seemed to run better without all the extra stuff running in the background. Doesn't seem to be as much of an issue in Win10 on this new computer for me. Although I do look at the Task Mgr to see how the CPU is doing at idle from time to time. Old habit I guess - if I don't have any apps running and the system has recently been started/restarted I'd expect the CPU to be in low single digits.

 

I'll get to the FRST fix a bit later today.

 

Thanks for the time!



#39
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, again. :)

 

No, the Home page is fine if it is set by you. I just wondered, because the previous fix removed it and now it returned. 

 

As for the unnecessary programs, you can uninstall anything you don't need/use, at this step. Just let me know the names of these programs, so we can remove any remnants related to them.

 

I'll be waiting for the fixlog. 



#40
scewter

    Member

  • Topic Starter
  • Member
  • 149 posts

Preinstalled software - deleted the following:

 

Dell SupportAssist
Dell SupportAssist OS Recovery Plugin for Dell Update
Dell SupportAssist Remediation 
Dell Update for Windows Universal

 

 

FRST fix:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by scodo (05-02-2022 11:27:54) Run:5
Running from C:\Users\scodo\OneDrive\Desktop
Loaded Profiles: scodo
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
createrestorepoint:
closeprocesses:
S2 Dell SupportAssist Remediation; "C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe" [X]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
2022-02-03 18:21 - 2022-02-03 18:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2022-02-03 18:07 - 2020-01-03 12:24 - 000000000 ____D C:\Users\scodo\AppData\Roaming\IObit
2022-02-03 18:07 - 2020-01-03 12:24 - 000000000 ____D C:\Users\scodo\AppData\LocalLow\IObit
2022-02-03 18:07 - 2020-01-03 12:24 - 000000000 ____D C:\Program Files (x86)\IObit
2022-02-03 18:06 - 2020-01-03 12:24 - 000000000 ____D C:\ProgramData\IObit
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
Dell SupportAssist Remediation => service not found.
HKLM\System\CurrentControlSet\Services\cpuz145 => removed successfully
cpuz145 => service removed successfully
C:\WINDOWS\system32\Tasks\McAfee => moved successfully
C:\Users\scodo\AppData\Roaming\IObit => moved successfully
C:\Users\scodo\AppData\LocalLow\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
"AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}" => removed successfully
"FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14795614 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1402516 B
Edge => 0 B
Chrome => 252249293 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8334 B
NetworkService => 16282 B
scodo => 10853504 B
 
RecycleBin => 41441236 B
EmptyTemp: => 306.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:28:07 ====


#41
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Thank you. 

 

How is the computer running now? Any remaining issues/questions/concerns? 

 

Now, I would like to see fresh FRST logs, to remove any remnants after you uninstalled those programs. 



#42
scewter

    Member

  • Topic Starter
  • Member
  • 149 posts

Computer is running very well.

 

No issues, but couple questions/concerns.

 

1. Was this "bestfaustcaptcha" malware or was that a cover for something else, or does it really matter? Didn't seem like a very serious problem, but then I didn't click on any of the pop-up windows so that may have prevented it from taking it to a whole different level?

 

2. I've been using SUPERAntiSpyware. Should I continue or switch to AdwCleaner, or use both?

 

3. Guessing the old version of Malwarebytes Antimalware Pro is obsolete now - even though it indicated lifetime subscription when I bought it - so probably worthwhile to switch to MBAM premium now?

 

4. Any other suggestions for apps to use that do an excellent job of scanning/cleaning to keep our PCs running peak?

 

Here are the logs:

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022

Ran by scodo (administrator) on SCOTTSOFFICEDES (Dell Inc. XPS 8930) (05-02-2022 11:41:46)
Running from C:\Users\scodo\OneDrive\Desktop
Loaded Profiles: scodo
Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PowerPanel Personal.exe
() [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ppped.exe
() [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\pppServiceMonitor.exe
(ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(CANON INC. -> CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Cyber Power Systems, Inc.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppuser.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_de0cf7bbf26b8ed4\aesm_service.exe
(Intel Corporation -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\scodo\AppData\Local\Microsoft\OneDrive\22.012.0116.0001\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> Intel Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-08-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617848 2021-08-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC. -> CANON INC.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis International GmbH -> Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-14] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC. -> CANON INC.)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10985776 2022-01-15] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\scodo\AppData\Local\Microsoft\Teams\Update.exe [2459344 2021-12-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\WINDOWS\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon WSD Language Monitor: C:\WINDOWS\system32\cnnx0_flm.dll [1498112 2014-04-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-20] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerPanel Personal.exe.lnk [2021-11-04]
ShortcutTarget: PowerPanel Personal.exe.lnk -> C:\Program Files (x86)\CyberPower PowerPanel Personal\PowerPanel Personal.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ppuser.exe.lnk [2021-11-04]
ShortcutTarget: ppuser.exe.lnk -> C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppuser.exe (Cyber Power Systems, Inc.) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B583843-87EB-4120-AF34-B7A74D199A4C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
Task: {2B1C3D07-1421-42B3-8B48-F96208F7F9C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {46B2BE06-14B0-4AF4-81A1-EDD86DCA2312} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56A776D6-4D80-44CD-91EC-82D92D959752} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A98ECF9-5C18-4D97-9B90-85D9DE5896FD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {960B4130-C05D-4295-8D7D-9E9B12D3FF2E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {97850CC1-5C15-4892-94D8-EC860846E902} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-03] (Google LLC -> Google LLC)
Task: {9A4EACDA-6210-4E01-ACC0-38BD8ABE899A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FC974D7-76E6-43A5-A36E-974322907CEC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B8A1D95B-F23B-44DF-B82E-B4CC6ACD7E78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-03] (Google LLC -> Google LLC)
Task: {D19065FF-57A8-43CC-B2DC-31FF2E0A3552} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1172360 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8BC98FF-CAAF-4A1C-9E33-2E049D231347} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F5124424-0BF7-4855-8CDB-8D4F62DC102E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0cdb6014-279f-4f7f-843d-dc9d6a3aa7a0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a235eab2-c774-4ff8-bf15-571d48ac6748}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
DownloadDir: C:\Users\scodo\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> hxxp://www.google.com/
Edge Notifications: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> hxxps://calendar.google.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\scodo\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-04]
Edge DownloadDir: Default -> C:\Users\scodo\Downloads
Edge Notifications: Default -> hxxps://calendar.google.com
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
 
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2087068202-1813543609-1746243882-1002: SkypeForBusinessPlugin-16.2 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2087068202-1813543609-1746243882-1002: SkypeForBusinessPlugin64-16.2 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\scodo\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-08-05]
 
Chrome: 
=======
CHR Profile: C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default [2022-02-05]
CHR DownloadDir: C:\Users\scodo\OneDrive\Desktop
CHR HomePage: Default -> hxxps://192.168.1.1/login?redirect=%2F
CHR Extension: (Google Drive) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-03]
CHR Extension: (Cisco Webex Extension) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1263424 2014-08-14] (Acronis International GmbH -> Acronis)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3996664 2020-01-03] (Acronis International GmbH -> Acronis)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
S3 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [40656 2020-04-09] (Dell Inc -> )
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73496 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2360616 2021-05-25] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2756896 2021-05-25] (Rivet Networks LLC -> Rivet Networks)
R3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73488 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-02-05] (Malwarebytes Inc -> Malwarebytes)
R2 PowerPanel Personal Service; C:\Program Files (x86)\CyberPower PowerPanel Personal\ppped.exe [11264 2021-08-03] () [File not signed]
R2 PowerPanel Personal Service Monitor; C:\Program Files (x86)\CyberPower PowerPanel Personal\pppServiceMonitor.exe [1186304 2021-08-03] () [File not signed]
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6847712 2014-09-13] (Acronis International GmbH -> Acronis)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [74016 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [74024 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-11-08] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2022-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [296736 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [189336 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-02-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-02-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-02-05] (Malwarebytes Inc -> Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [1058632 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [248648 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-02-05 11:30 - 2022-02-05 11:30 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-02-05 11:30 - 2022-02-05 11:30 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-02-05 11:30 - 2022-02-05 11:30 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-02-05 11:18 - 2022-02-05 11:18 - 000000000 ____D C:\Users\scodo\AppData\Local\CrashDumps
2022-02-05 09:01 - 2022-02-05 09:01 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-02-05 09:01 - 2022-02-05 09:01 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-02-05 09:01 - 2022-02-05 09:01 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-02-05 09:01 - 2022-02-05 09:01 - 000000000 ____D C:\Users\scodo\AppData\Local\mbam
2022-02-05 09:01 - 2022-02-05 09:01 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-05 08:14 - 2022-02-05 09:23 - 000000000 ____D C:\AdwCleaner
2022-02-04 12:14 - 2022-02-04 12:14 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-02-04 06:42 - 2022-02-04 12:18 - 001605886 _____ C:\WINDOWS\ntbtlog.txt
2022-02-03 18:07 - 2022-02-03 18:07 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-02-03 08:50 - 2022-02-03 08:50 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2087068202-1813543609-1746243882-1002
2022-02-03 08:50 - 2022-02-03 08:50 - 000002432 _____ C:\Users\scodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-02 16:51 - 2022-02-02 16:51 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2022-02-02 15:10 - 2022-02-05 11:41 - 000000000 ____D C:\FRST
2022-02-02 15:07 - 2022-02-02 15:07 - 002299904 _____ (Farbar) C:\Users\scodo\Downloads\FRST64.exe
2022-01-22 12:47 - 2022-01-22 12:47 - 000090576 _____ C:\Users\scodo\Downloads\9292250-ReturnBendCxC-Wrot-638 (2).pdf
2022-01-22 12:46 - 2022-01-22 12:46 - 000090576 _____ C:\Users\scodo\Downloads\9292250-ReturnBendCxC-Wrot-638 (1).pdf
2022-01-22 12:42 - 2022-01-22 12:42 - 000090576 _____ C:\Users\scodo\Downloads\9292250-ReturnBendCxC-Wrot-638.pdf
2022-01-22 12:05 - 2022-01-22 12:05 - 000525768 _____ C:\Users\scodo\Downloads\Wrot_Cast_Consolidated_Price_List_183_ Effective_May_17_2021.xlsx
2022-01-21 10:25 - 2022-01-21 10:25 - 000217332 _____ C:\Users\scodo\Downloads\Square D™ QO™ and QOB Miniature Circuit Breakers_QO260CP.pdf
2022-01-21 10:03 - 2022-01-21 10:03 - 000116881 _____ C:\Users\scodo\Downloads\QO™ Load Centers_QOC20U100F.pdf
2022-01-20 09:55 - 2022-01-20 09:55 - 000041110 _____ C:\Users\scodo\Downloads\social-security-statement.pdf
2022-01-14 13:36 - 2022-01-14 13:36 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-14 13:35 - 2022-01-14 13:35 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-14 13:35 - 2022-01-14 13:35 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-13 10:16 - 2022-01-13 10:16 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-13 10:16 - 2022-01-13 10:16 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-01-13 10:16 - 2022-01-13 10:16 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-01-12 09:15 - 2022-01-12 09:15 - 000000000 ___HD C:\$WinREAgent
2022-01-07 10:45 - 2022-01-07 10:45 - 000620244 _____ C:\Users\scodo\Downloads\Annual Statement 2021.pdf
2022-01-06 11:47 - 2022-01-06 11:47 - 000051937 _____ C:\Users\scodo\Downloads\Brokerage Trade Transaction - 2022-01-06T114740.853.pdf
2022-01-06 11:47 - 2022-01-06 11:47 - 000049057 _____ C:\Users\scodo\Downloads\Brokerage Trade Transaction - 2022-01-06T114737.963.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-02-05 11:34 - 2020-11-08 10:19 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-05 11:34 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-02-05 11:32 - 2020-01-03 16:18 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-05 11:30 - 2019-12-30 15:43 - 000000000 ___RD C:\Users\scodo\OneDrive
2022-02-05 11:30 - 2019-12-30 15:41 - 000000000 __SHD C:\Users\scodo\IntelGraphicsProfiles
2022-02-05 11:30 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-05 11:29 - 2020-11-08 10:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-05 11:29 - 2020-11-08 10:11 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-05 11:29 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-05 11:29 - 2019-12-06 13:02 - 000000000 ____D C:\Intel
2022-02-05 11:28 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-05 11:15 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-05 11:15 - 2019-12-06 13:09 - 000000000 ____D C:\ProgramData\Dell
2022-02-05 11:15 - 2019-12-06 13:04 - 000000000 ____D C:\ProgramData\Package Cache
2022-02-05 11:14 - 2019-12-31 09:22 - 000000000 ____D C:\Users\scodo\AppData\Local\Dell Inc
2022-02-05 11:14 - 2019-12-06 13:01 - 000000000 ____D C:\ProgramData\PCDr
2022-02-05 11:14 - 2019-12-06 13:01 - 000000000 ____D C:\Program Files\Dell
2022-02-05 11:13 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-05 11:11 - 2020-11-08 10:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-05 09:01 - 2020-01-03 15:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-05 09:01 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-02-04 10:48 - 2020-01-07 23:01 - 000000000 ____D C:\Users\scodo\AppData\LocalLow\Temp
2022-02-04 06:39 - 2020-11-08 09:43 - 000000000 ____D C:\Users\scodo
2022-02-04 05:50 - 2020-07-14 13:18 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-03 08:50 - 2021-12-12 09:37 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2087068202-1813543609-1746243882-1002
2022-02-01 21:02 - 2020-01-03 12:24 - 000000000 ____D C:\ProgramData\ProductData
2022-02-01 20:57 - 2020-01-09 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-02-01 20:57 - 2020-01-03 16:18 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2022-01-26 09:14 - 2020-11-08 10:14 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-26 09:14 - 2020-11-08 10:14 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-24 15:09 - 2019-12-30 15:41 - 000000000 ____D C:\Users\scodo\AppData\Local\Packages
2022-01-21 14:27 - 2020-11-08 10:14 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-21 14:27 - 2020-11-08 10:14 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-20 08:56 - 2020-01-03 16:18 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-16 07:27 - 2021-06-15 07:44 - 000000000 ____D C:\Users\scodo\AppData\Roaming\MediaMonkey5
2022-01-14 22:36 - 2020-01-03 16:50 - 000000000 ____D C:\Users\scodo\AppData\Local\Adobe
2022-01-14 22:23 - 2020-11-08 10:11 - 000441600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-14 22:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-14 13:37 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-14 13:32 - 2019-12-30 18:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-14 13:31 - 2019-12-30 18:46 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2020-01-08 11:53 - 2020-01-08 11:53 - 000000135 _____ () C:\Users\scodo\AppData\Roaming\pppe_log.txt
2019-12-30 17:01 - 2020-01-03 12:05 - 000007679 _____ () C:\Users\scodo\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by scodo (05-02-2022 11:42:41)
Running from C:\Users\scodo\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) (2020-11-08 15:14:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2087068202-1813543609-1746243882-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2087068202-1813543609-1746243882-503 - Limited - Disabled)
Guest (S-1-5-21-2087068202-1813543609-1746243882-501 - Limited - Disabled)
scodo (S-1-5-21-2087068202-1813543609-1746243882-1002 - Administrator - Enabled) => C:\Users\scodo
WDAGUtilityAccount (S-1-5-21-2087068202-1813543609-1746243882-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}) (Version: 18.0.6613 - Acronis) Hidden
Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}Visible) (Version: 18.0.6613 - Acronis)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.011.20039 - Adobe)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF220 Series (HKLM\...\{33A079E0-BF49-4E97-9293-3EDDA6D130A4}) (Version: 4.5.0.0 - CANON INC.)
Cisco Webex Meetings (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\ActiveTouchMeetingClient) (Version: 41.2.4 - Cisco Webex LLC)
CrystalDiskInfo 8.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.1.0 - Crystal Dew World)
CrystalDiskInfo 8.12.4 (64-bit) (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.4 - Crystal Dew World)
CyberPower PowerPanel Personal 2.3.0 (HKLM-x32\...\5708-0475-1423-7128) (Version: 2.3.0 - CyberPower Systems, Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{CC5730C7-C867-43BD-94DA-00BB3836906F}) (Version: 4.0.52.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{2D27B76E-8FB1-495B-A61D-FB76349E7E36}) (Version: 3.1.9518 - Screenovate Technologies Ltd.)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0000 - SEIKO EPSON Corp.)
EPSON WorkForce GT-1500 Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON WorkForce GT-1500_is1) (Version: 3.0.2.0 - Epson America Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1932.12.0.1298 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{05817e4d-5f15-49b4-afec-7edb31fc7dd6}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{7EBADAB6-B7AC-4560-85A7-FF345559F193}) (Version: 17.2.6.1027 - Intel Corporation)
ISIS Driver - EPSON GT-1500 v1.0 (HKLM-x32\...\{D41864EF-CC5D-4CF4-B0B9-CA3152164157}) (Version: 1.0 - EMC Captiva)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{B6A1310A-C2C4-4401-8563-7F8B2BFF7643}) (Version: 2.1.1295 - Rivet Networks)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
MasterCook 15 (HKLM-x32\...\{1E492158-401F-434B-957B-477D6B5A46AA}) (Version: 15.00.24 - Valusoft Cosmi)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MediaMonkey 5 (HKLM-x32\...\MediaMonkey 5_is1) (Version: 5 - Ventis Media Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14827.20158 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\OneDriveSetup.exe) (Version: 22.012.0116.0001 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Teams) (Version: 1.4.00.31569 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
ScanSoft PaperPort 11 (HKLM-x32\...\{DEA18FF6-D84A-4242-9663-692E5BA56805}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1048 - SUPERAntiSpyware.com)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.0.0.0 - CANON INC.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\ZoomUMX) (Version: 5.8.7 (2058) - Zoom Video Communications, Inc.)
 
Packages:
=========
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2020-01-08] (Canon Inc.)
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2019-12-30] (Dell Inc)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2021-11-20] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2021-08-11] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2021-09-20] (Screenovate Technologies) [Startup Task]
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.4.18.0_x86__htrsf667h5kn2 [2021-11-13] (Dell Inc)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1021.524.0_x64__rh07ty8m5nkag [2021-10-22] (Rivet Networks LLC) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1817.0_x64__8wekyb3d8bbwe [2021-12-14] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-29] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.92.17.0_x64__htrsf667h5kn2 [2021-11-04] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-30] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\scodo\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21229.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxDTCM.dll [2021-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis International GmbH -> Acronis)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-11-04 12:22 - 2017-09-15 00:35 - 000128512 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\_cffi_backend.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 001196032 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppbedrv.dll
2021-11-04 12:23 - 2021-11-04 12:23 - 000163840 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppbedrvc.dll
2021-11-04 12:22 - 2021-08-03 02:32 - 000023040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\AdvancedHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\AppTrayHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DeviceConfigHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DevicePropHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000020992 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DeviceStatusHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000023552 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\EnergyHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\EventLogsHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\MenuHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000029696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\NotificationHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\RuntimeHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\ScheduleHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000019968 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SelfTestHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SoftwareUpdateHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SummaryHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\VoltageHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientModel\DaemonStatus.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\BypassEventCount.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DesktopInteractiveServer.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceConfigure.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceLogHelper.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000110592 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceMonitor.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000055296 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DevicePropertiesFetcher.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:28 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\EnergyRecorder.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:29 - 000079360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\EventAnalyzer.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:29 - 000100864 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\MobileDataProvider.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:29 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\TransactionHelper.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000055808 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\WebAppController.cp36-win32.pyd
2021-11-04 12:22 - 2017-09-15 00:35 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_constant_time.pyd
2021-11-04 12:22 - 2017-09-15 00:35 - 002095616 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_openssl.pyd
2021-11-04 12:22 - 2017-09-15 00:35 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_padding.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Events\Event.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Events\EventsMobile.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000045568 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\AdvancedHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\AppTrayHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DeviceConfigHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DevicePropHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DeviceStatusHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\EnergyHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\EventLogsHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000026624 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\NotificationHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\RuntimeHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000038400 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\ScheduleHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SelfTestHandler.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000067072 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SoftwareUpdateHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000014848 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SummaryHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\VoltageHandler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:34 - 000079360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\AppClient.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:35 - 000093696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\AppServer.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:35 - 000010240 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\Command.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:35 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\Verification.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000096256 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DataSource2.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DBSession.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Device.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:30 - 000029696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DevicePropertiesData.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000043520 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DevicePushMessageData.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000033792 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DeviceStatusData.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000020480 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DriverTransaction.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Statement.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Transaction.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\UpdateStatusData.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:31 - 000036352 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\WebAppData.cp36-win32.pyd
2021-11-04 12:22 - 2017-12-07 06:05 - 001751040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtCore.pyd
2021-11-04 12:22 - 2017-12-07 06:05 - 001879040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtGui.pyd
2021-11-04 12:22 - 2017-12-07 06:05 - 000513024 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtNetwork.pyd
2021-11-04 12:22 - 2017-12-07 06:05 - 003814400 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtWidgets.pyd
2021-11-04 12:22 - 2017-06-21 01:02 - 000111616 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\pywintypes36.dll
2021-11-04 12:22 - 2017-03-13 14:15 - 000033792 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\servicemanager.pyd
2021-11-04 12:22 - 2017-12-07 06:06 - 000084992 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sip.pyd
2021-11-04 12:22 - 2017-07-05 10:30 - 000013824 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cprocessors.cp36-win32.pyd
2021-11-04 12:22 - 2017-07-05 10:30 - 000014848 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cresultproxy.cp36-win32.pyd
2021-11-04 12:22 - 2017-07-05 10:30 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cutils.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000008192 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\buildConfig.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000029184 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\loggerSetting.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\module.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\settings.cp36-win32.pyd
2021-11-04 12:23 - 2021-11-04 12:23 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\systemDefine.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\systemFunction.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:26 - 000021504 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\ValueId.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\DataCryptor.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000043520 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\EmailSender.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HelpOpener.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HibernateMac.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HibernateWin.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\i18nTranslater.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000031232 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\Logger.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000024576 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\OAuthManagement.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000018944 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\OSOperator.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:32 - 000020480 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\RequestImp.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000068096 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\Scheduler.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000012800 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownMac.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownUtil.cp36-win32.pyd
2021-11-04 12:22 - 2021-08-03 02:33 - 000012800 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownWin.cp36-win32.pyd
2021-11-04 12:22 - 2017-03-13 14:15 - 000103424 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32api.pyd
2021-11-04 12:22 - 2017-03-13 14:14 - 000021504 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32event.pyd
2021-11-04 12:22 - 2017-03-13 14:15 - 000173568 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32gui.pyd
2021-11-04 12:22 - 2017-03-13 14:15 - 000046592 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32service.pyd
2005-09-07 12:03 - 2005-09-07 12:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\ScanSoft\PaperPort\blicectr.dll
2020-01-08 12:28 - 2014-04-10 09:19 - 000002048 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask_EN.dll
2020-01-08 12:27 - 2013-01-31 13:21 - 000152064 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCENPM6.dll
2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qgif.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000033280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qicns.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000027648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qico.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qjpeg.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qtga.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000327680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qtiff.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qwbmp.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000401408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qwebp.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 001096704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\platforms\qwindows.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004770816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Core.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004964352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Gui.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000960000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Network.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004460544 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Widgets.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004770816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Core.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004964352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Gui.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 000960000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Network.dll
2021-11-04 12:22 - 2017-12-07 06:05 - 004460544 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Widgets.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\scodo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "MFNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A71D3F24-83E1-410A-8003-472C26319771}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{A064B162-F007-46EE-91E1-3722110F4C50}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A7015658-1F20-4EB4-872B-FC8D47DD4C91}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{22FF5CFA-5C8F-4A0F-831A-34369EECE935}C:\users\scodo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{95A5E8C2-83EF-4535-9898-BDC239FF2030}C:\users\scodo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0C0AD96C-C2B1-4D56-8991-1563F60B85CC}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{51DC7D9B-114B-4EED-A5B6-42ECB96EA260}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{9EDD681E-3C8C-420D-BEF0-739C8A5B7C2D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{21EC6AF1-43D3-490C-A65A-A89930A84211}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{4D42C5B1-C318-49DA-97AF-FD0AE72CBDEF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{DA5EC753-780C-46A5-8D13-7DCE8670A162}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{5222925D-3EB1-460B-849C-85E69585FAB0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{0D92C352-AAAC-40F0-ACF3-06BAB4DF5750}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{6F3B2C48-DAE7-472A-8A81-F0F072DD5A6C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{496E6070-A5AD-4B52-A37C-B01E95B11EB6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{9D82FF59-510B-4FA5-AE28-F6A1AA7E26BB}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8BBB3A4F-963D-4FD9-9A6B-C040EFA596BE}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{74BE710C-209A-40DC-B961-D53227071C4C}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{892F6501-76C0-44E6-8701-CEA4A9287D3E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{B6323966-ABAB-4E99-B431-0B3BFC6BE352}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{C035682D-3500-4F77-813D-F2D513AD4B52}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{8035AA65-2DFF-4BDE-802E-86F1ED9AE657}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{0554D128-1D9F-4A38-909F-2EDE1A096C6F}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{ACB6959A-9082-405B-9F57-9F7ECE2E49E9}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [TCP Query User{21B9E576-19E9-4548-88C9-AA0D0BBA0B84}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0BDF7673-B245-4AE1-93B8-13621FB8E6A2}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5477D0C-9276-4077-B7F4-6FCEB6B66EF1}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AE184C53-41CF-4DFF-B987-ABC4C8B15631}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DC2A4F04-66F8-41BD-9085-F2F0FF7FDD90}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C74C798B-A581-4B29-8143-EAC34D5E1A4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8628598A-2571-4A0F-B33B-00A652F9D195}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3BD4FA97-4396-4EC2-85E4-10C24FD1CB05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E9887B1-2721-4C29-B642-6F3B29149B15}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4E26AFB-6018-4BA2-82AF-3E43664FD4C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{56BB7934-8196-49C3-A0C6-457B32887C6B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE52F23F-2FC5-41B0-B4BD-C120D6FF4873}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
23-01-2022 10:51:09 Scheduled Checkpoint
01-02-2022 11:51:51 Scheduled Checkpoint
03-02-2022 18:29:28 Restore Point Created by FRST
04-02-2022 05:56:05 Restore Point Created by FRST
05-02-2022 09:23:22 AdwCleaner_BeforeCleaning_05/02/2022_09:23:21
05-02-2022 11:14:31 Dell SupportAssist OS Recovery Plugin for Dell Update
05-02-2022 11:15:05 Dell SupportAssist Remediation
05-02-2022 11:15:29 Removed Dell Update for Windows Universal.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/05/2022 11:28:02 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (02/05/2022 11:27:55 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ed15f34d-b88e-498e-b7ea-4ffc3b960b06}
 
Error: (02/05/2022 11:18:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KNDBWM.exe, version: 3.1021.524.1, time stamp: 0x60ab4441
Faulting module name: KNDBWM.exe, version: 3.1021.524.1, time stamp: 0x60ab4441
Exception code: 0xc0000005
Fault offset: 0x000000000007a104
Faulting process id: 0x1b4c
Faulting application start time: 0x01d81aabfa2f0b75
Faulting application path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
Faulting module path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
Report Id: e753fa04-f432-49ab-9c4d-ea5e64adb847
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/05/2022 11:16:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KNDBWM.exe, version: 3.1021.524.1, time stamp: 0x60ab4441
Faulting module name: KNDBWM.exe, version: 3.1021.524.1, time stamp: 0x60ab4441
Exception code: 0xc0000409
Fault offset: 0x00000000000ada45
Faulting process id: 0x1830
Faulting application start time: 0x01d81a9c30faf0a3
Faulting application path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
Faulting module path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
Report Id: c340d377-0460-4f3f-a982-665865c69da1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/05/2022 11:16:28 AM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
 
Traceback (most recent call last):
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
  File "WinService.py", line 169, in SvcDoRun
    self.daemon.start()
  File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
 
%2: %3
 
Error: (02/05/2022 08:53:25 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (02/05/2022 08:53:25 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (02/05/2022 08:53:25 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
 
System errors:
=============
Error: (02/05/2022 11:29:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/05/2022 11:28:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PowerPanel Personal Service service failed to start due to the following error: 
The media is write protected.
 
Error: (02/05/2022 11:28:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Sync Agent Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/05/2022 11:28:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Capability Licensing Service TCP IP Interface service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/05/2022 11:28:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® SGX AESM service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (02/05/2022 11:28:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epson Scanner Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/05/2022 11:28:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/05/2022 11:28:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The xTendUtilityService service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2022-02-01 11:50:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-30 10:05:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-29 12:19:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-28 09:58:07
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-27 14:25:47
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2022-02-04 12:14:42
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2022-02-04 11:06:56
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.357.84.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18900.2
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
Date: 2022-02-04 10:56:53
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2022-02-04 10:07:40
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.357.84.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18900.2
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
Date: 2022-02-04 09:57:38
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.1.18 09/06/2021
Motherboard: Dell Inc. 0T2HR0
Processor: Intel® Core™ i7-9700 CPU @ 3.00GHz
Percentage of memory in use: 30%
Total physical RAM: 16190.91 MB
Available physical RAM: 11302.29 MB
Total Virtual: 18622.91 MB
Available Virtual: 13989.58 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:223.19 GB) (Free:149.52 GB) NTFS
Drive s: (Audio/Video) (Fixed) (Total:833.84 GB) (Free:652.47 GB) NTFS
Drive t: (Misc Data) (Fixed) (Total:97.66 GB) (Free:59.56 GB) NTFS
 
\\?\Volume{32f547c6-c831-48bd-b930-186e67c7499a}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.58 GB) NTFS
\\?\Volume{4505f415-94fa-480c-95da-2643ae05f561}\ (Image) (Fixed) (Total:12.32 GB) (Free:0.18 GB) NTFS
\\?\Volume{62156c42-d9ec-43fd-a0fa-4727839d5129}\ (DELLSUPPORT) (Fixed) (Total:1.22 GB) (Free:0.43 GB) NTFS
\\?\Volume{d188605c-5e7d-480f-96f7-ecb1888c371d}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.55 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 0BEC2E74)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#43
DR M


    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Let me try to answer your questions:
 
 

1. Was this "bestfaustcaptcha" malware or was that a cover for something else, or does it really matter. Didn't seem like a very serious problem, but then I didn't click on any of the pop-up windows so that may have prevented it from taking it to a whole different level?

 
Bestfaustcaptcha.top is a malicious site that displays fake messages to trick you into subscribing to its spam push notifications. Probably, the site you visited caused that, by giving you these notifications in Chrome. 
 
 

2. I've been using superantispyware. Should I continue or switch to AdwCleaner, or use both?

 

You can continue using SuperAntispyware as an on-demand scanner. AdwCleaner is not an antimalware/antispyware solution for everyday usage by users. Since it is getting updates daily, every time we use it we have to download the latest version. That's why we are going to delete it at the end of this process. 
 
 

3. Guessing the old version of Malwarebytes Antimalware Pro is obsolete now - even though it indicated lifetime subscription when I bought it - so probably worthwhile to switch to MBAM premium now?

 
It was a very old version of the product. I am not sure if you can use the lifetime license for the upgraded product. I can ask and let you know. I prefer Malwarebytes more than any other antimalware/antispyware program and for sure, the premium version is worth it. 
 
 

4. Any other suggestions for apps to use that do an excellent job of scanning/cleaning to keep our pc's running peak?

 
Let me answer this question at the end of this procedure. I will provide you with my favorite security tips, which you can print out and use.
 
I will be away for a couple of hours. When I return, I'll review the fresh logs.


  • 0

#44
scewter


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts

Excellent - thnx for the replies.


  • 0

#45
DR M


    The Grecian Geek

  • Malware Removal
  • 4,113 posts

I just noticed that there are also some Dell apps on your computer. Since you uninstalled all the others, you can do that with these too. Click on the Start icon, find the apps, right-click on each one and select Uninstall. 

 

Dell Customer Connect 
Dell Digital Delivery 
Dell Mobile Connect 3.3 
Dell Update 
 
 
Otherwise, your logs are clean now. 
 
Any other questions?

  • 0





