#4
August 11th, 2021, 10:14 PM
EDO
Senior Member
 
Join Date: May 2004
Posts: 464
Frst #1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021
Ran by Ed (administrator) on THEOSUNAPC (Dell Inc. Inspiron 2350) (11-08-2021 13:56:12)
Running from C:\Users\Ed\Downloads
Loaded Profiles: Ed
Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard software\CDCtr.exe
() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\Ed\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\Ed\AppData\Local\Amazon Music\Amazon Music.exe <5>
(AOL Inc. -> AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1418490716\ee\aolsoftware.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <4>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(DELL INC.) [File not signed] C:\Program Files (x86)\Dell\DELLOSD\MediaButtons.exe
(DELL Inc.) [File not signed] C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Update Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Leader Technologies Inc -> Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Ed\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20090.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Webroot -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRCoreService.x64.exe
(Webroot -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSkyClient.x64.exe
(Webroot -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSvcHost.x64.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe <2>
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Wyse Technology Inc -> ) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

==================== Registry (All) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521472 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1409432 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1409432 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393200 2017-10-20] (Intel(R) pGFX -> )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2750536 2013-11-11] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [171320 2021-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [CDCtr] => C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard software\CDCtr.exe [412672 2011-10-07] () [File not signed]
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-10-07] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-03-25] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1418490716\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc. -> AOL Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [5555632 2021-06-29] (Webroot Inc. -> Webroot)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [34816 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4849904 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [4419176 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0
HKLM\...\Policies\Explorer: [NoRun] 0
HKLM\...\Policies\Explorer: [NoClose] 0
HKLM\...\Policies\Explorer: [StartMenuLogoff] 0
HKLM\...\Policies\Explorer: [NoResolveTrack] 0
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 0
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Run: [OneDrive] => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2332544 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Run: [Amazon Music Helper] => C:\Users\Ed\AppData\Local\Amazon Music\Amazon Music Helper.exe [2356312 2021-07-21] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Run: [Amazon Music] => C:\Users\Ed\AppData\Local\Amazon Music\Amazon Music.exe
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoDrives] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoClose] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [StartMenuLogoff] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoResolveTrack] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKU\S-1-5-21-218343863-661377091-144714471-1001\...\Policies\Explorer: [NoActiveDesktopChanges] 0
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\inetpp.dll [184320 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\system32\win32spl.dll [886272 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MX420 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAM.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon Pro9000 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD7U.DLL [27648 2007-07-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\winprint: C:\Windows\System32\spool\prtprocs\x64\winprint.dll [46080 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Appmon: C:\WINDOWS\system32\AppMon.dll [114688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX420 series: C:\WINDOWS\system32\CNCALAM.DLL [302080 2010-09-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX420 series: C:\WINDOWS\system32\CNMLMAM.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor Pro9000: C:\WINDOWS\system32\CNMLM7U.DLL [258560 2007-07-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Docudesk Monitor: C:\Windows\system32\ddmon4-64x.dll [35944 2013-06-17] (Docudesk -> )
HKLM\...\Print\Monitors\Local Port: C:\WINDOWS\system32\localspl.dll [1271296 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: C:\WINDOWS\system32\FXSMON.DLL [49152 2021-02-17] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Standard TCP/IP Port: C:\WINDOWS\system32\tcpmon.dll [225280 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\USB Monitor: C:\WINDOWS\system32\usbmon.dll [931328 2021-06-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\WSD Port: C:\WINDOWS\system32\APMon.dll [1487360 2021-06-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\setuphost.exe: [{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb] -> Windows Setup Remediations (x64) (KB4023057)
HKLM\Software\...\AppCompatFlags\Custom\setupprep.exe: [{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb] -> Windows Setup Remediations (x64) (KB4023057)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{5534e02f-0f5d-40dd-ba92-bea38d22384d}: [DatabasePath] -> C:\WINDOWS\AppPatch\Custom\Custom64\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\system32\unregmp2.exe [2019-12-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> C:\WINDOWS\system32\themeui.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\unregmp2.exe [2019-12-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> C:\WINDOWS\system32\shell32.dll [2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4383}] -> C:\Windows\System32\ie4uinit.exe [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\mscories.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-05] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe [2021-08-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\SysWOW64\unregmp2.exe [2019-12-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\SysWOW64\unregmp2.exe [2019-12-06] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\mscories.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{01A30791-40AE-4653-AB2E-FD210019AE88}] -> C:\WINDOWS\system32\mgmtrefreshcredprov.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{1b283861-754f-4022-ad47-a5eaaa618894}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{1ee7337f-85ac-45e2-a23c-37c753209769}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{2135f72a-90b5-4ed3-a7f1-8bb705ac276a}] -> C:\WINDOWS\system32\credprovslegacy.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{25CBB996-92ED-457e-B28C-4774084BD562}] -> C:\WINDOWS\system32\credprovs.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}] -> C:\WINDOWS\system32\TrustedSignalCredProv.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{2D8B3101-E025-480D-917C-835522C7F628}] ->
HKLM\Software\...\Authentication\Credential Providers: [{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}] -> C:\WINDOWS\system32\credprovs.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{48B4E58D-2791-456C-9091-D524C6C706F2}] -> C:\Windows\System32\devicengccredprov.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{600e7adb-da3e-41a4-9225-3c0399e88c0c}] -> C:\WINDOWS\system32\cngcredui.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}] -> C:\WINDOWS\system32\credprovs.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\System32\FaceCredentialProvider.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{8FD7E19C-3BF7-489B-A72C-846AB3678C96}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{94596c7e-3744-41ce-893e-bbf09122f76a}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{A910D941-9DA9-4656-8933-AA1EAE01F76E}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Providers: [{BEC09223-B018-416D-A0AC-523971B639F5}] -> C:\WINDOWS\System32\BioCredProv.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C5D7540A-CD51-453B-B22B-05305BA03F07}] -> C:\Windows\System32\cxcredprov.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\System32\FaceCredentialProvider.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{cb82ea12-9f71-446d-89e1-8d0924e1256e}] -> C:\WINDOWS\system32\credprovslegacy.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{D6886603-9D2F-4EB2-B667-1971041FA96B}] -> C:\Windows\System32\ngccredprov.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}] -> C:\WINDOWS\system32\certCredProvider.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\WINDOWS\system32\wlidcredprov.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{F8A1793B-7873-4046-B2A7-1F318747F427}] -> C:\WINDOWS\system32\fidocredprov.dll [2021-03-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Provider Filters: [{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}] -> C:\WINDOWS\system32\credprovs.dll [2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\PLAP Providers: [{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}] -> C:\WINDOWS\system32\rasplap.dll [2021-03-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] -> C:\WINDOWS\system32\wlgpclnt.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{16be69fa-4209-4250-88cb-716cf41954e0}] -> C:\WINDOWS\system32\auditcse.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{25537BA6-77A8-11D2-9B6C-0000F8080861}] -> C:\WINDOWS\system32\fdeploy.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] -> C:\WINDOWS\System32\dskquota.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] -> C:\WINDOWS\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4bcd6cde-777b-48b6-9804-43568e23545d}] -> C:\WINDOWS\System32\TsUsbRedirectionGroupPolicyExtension.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] -> C:\Windows\System32\iedkcs32.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}] -> C:\Windows\System32\tsworkspace.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4d968b55-cac2-4ff5-983f-0a54603781a3}] -> C:\WINDOWS\system32\WorkFoldersGPExt.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7909AD9E-09EE-4247-BAB9-7029D5F0A278}] -> C:\WINDOWS\system32\dmenrollengine.dll [2021-08-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7933F41E-56F8-41d6-A31C-4148A711EE93}] -> C:\WINDOWS\System32\srchadmin.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7B849a69-220F-451E-B3FE-2CB811AF94AE}] -> C:\Windows\System32\iedkcs32.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] -> C:\WINDOWS\system32\scecli.dll [2020-12-05] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{8A28E2C5-8D06-49A4-A08C-632DAA493E17}] -> C:\WINDOWS\system32\gpprnext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] -> C:\WINDOWS\system32\dot3gpclnt.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}] -> C:\WINDOWS\system32\pwlauncher.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C34B2751-1CF4-44F5-9262-C3FC39666591}] -> C:\WINDOWS\system32\pwlauncher.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}] -> C:\WINDOWS\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] -> C:\Windows\System32\iedkcs32.dll [2021-07-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}] -> C:\WINDOWS\system32\domgmt.dll [2021-01-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{e437bc1c-aa7d-11d2-a382-00c04f991e27}] -> C:\WINDOWS\System32\polstore.dll [2021-05-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{f3ccc681-b74c-4060-9f26-cd84525dca2a}] -> C:\WINDOWS\system32\auditcse.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{FB2CA36D-0B40-4307-821B-A13B252DE56C}] -> C:\WINDOWS\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}] -> C:\WINDOWS\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-12-11]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
BootExecute: autocheck autochk *
AlternateShell: cmd.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FACD921-A746-4483-9F1B-8CAFC2506744} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [30912 2018-03-20] (Rivet Networks LLC -> DELL)
Task: {15910A5B-E8E6-4B94-ACF8-5036E817F426} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {203B35C4-7190-4030-A461-A9EC3B677FFE} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1409432 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {2749BF2E-8E5E-4EF5-A9AE-01858E55F90E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {281380EB-6887-4BBF-8B52-76C34B7AEC6C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {2DA6EE67-CF74-484E-9E22-5D734066C9F6} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {364AC615-5EAC-4D23-99C9-1DA483BA26CB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [435672 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
Task: {515472BB-4661-41D6-832F-C7826ED6054D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {5501D686-147F-492F-B06B-CE54649ACC11} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [4950328 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {6AB27D2A-D5C9-4DE9-B74E-4F4793F019B4} - System32\Tasks\PCDDataUploadTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1131992 2017-09-14] (Dell Inc. -> PC-Doctor, Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {76BE5BF3-5331-4905-B12D-E789B15D373B} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} -