Ok...I got it figured out on downloading Farbar....here are the log files...
Thanks!!
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by Administrative (08-01-2021 17:16:20)
Running from C:\Users\Administrative\Downloads
Windows 10 Pro Version 2004 19041.685 (X64) (2020-11-11 07:39:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrative (S-1-5-21-1575943820-1359115009-3172392316-1000 - Administrator - Enabled) => C:\Users\Administrative
Administrator (S-1-5-21-1575943820-1359115009-3172392316-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1575943820-1359115009-3172392316-503 - Limited - Disabled)
Guest (S-1-5-21-1575943820-1359115009-3172392316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1575943820-1359115009-3172392316-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1575943820-1359115009-3172392316-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Security Agent (Disabled - Up to date) {AFEE279F-FAE7-BAEE-3A88-4BF7277B8551}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Security Agent (Enabled - Up to date) {EC12BE89-041A-8F94-731F-00950AF91A54}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Security Agent Anti-spyware (Enabled - Up to date) {148FC67B-DCDD-B560-0038-70855CFCCFEC}
FW: Trend Micro Personal Firewall (Enabled) {97D5A6BA-B088-BBB6-11D7-E2C2D9A8C22A}
FW: Trend Micro Personal Firewall (Enabled) {A803FD51-5639-95DC-A263-23E94C432B46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
BioAPI Framework (HKLM\...\{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}) (Version: 1.0.2 - Dell Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.18.77 - Brave Software Inc)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Custom (HKLM\...\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}) (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4822 - CyberLink Corp.)
D110 (HKLM-x32\...\{8C208B2B-0869-4891-AA54-33DB81A583C0}) (Version: 140.0.353.000 - Hewlett-Packard) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.1.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.013 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DellAccess (HKLM\...\{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}) (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Security Center (HKLM\...\{EEAFE1E5-076B-430A-96D9-B567792AFA88}) (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
Fujitsu Registration (HKLM-x32\...\{648C0D5B-3BD0-4941-B06B-ECD1F942D80A}) (Version: 2.51.0013 - Fujitsu Inc.)
Gemalto (HKLM\...\{91CE5F03-3A2A-4268-935A-04944F058AE9}) (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (HKLM-x32\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:- Resplendence Software Projects Sp.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1575943820-1359115009-3172392316-1000\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NTRU TCG Software Stack (HKLM\...\{414B7B9C-B353-4821-9393-78AE034079E7}) (Version: 2.1.36 - Security Innovation, Inc.) Hidden
PC-CCID (HKLM\...\{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}) (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (HKLM\...\{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}) (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (HKLM\...\{0B0A2153-58A6-4244-B458-25EDF5FCD809}) (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
PS_AIO_07_D110_SW_Min (HKLM-x32\...\{7904CF06-95E1-4507-92F3-3A4FFDF51DCB}) (Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
Reimage Protector (HKLM\...\Reimage Protector) (Version:- Reimage) <==== ATTENTION
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
ScanSnap Manager (HKLM-x32\...\{5EA9B2F1-DE40-4B3C-A756-5BD1EA538018}) (Version: 6.5.40.4.6 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{F621EAA6-FC5A-48A3-B308-167B29B6CFE2}) (Version: 6.5.31.1.1 - PFU) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:- Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SiteBuilder (HKLM-x32\...\SiteBuilder) (Version: 2.9.0 - Aabaco)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (HKLM\...\{2EECD5EF-5095-467C-B80C-4AB3096EFD60}) (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TP-Link Archer T4U Driver (HKLM-x32\...\{4805DC86-DEBF-4A5C-B9C4-291FA6441548}) (Version: 2.1.0 - TP-Link)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 6.7.1478 - Trend Micro)
Trend Micro Security Agent (HKLM-x32\...\HostedAgent) (Version:- )
Trusted Drive Manager (HKLM\...\{6AC87FB3-ACFC-4416-890C-8976D5A9B371}) (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 6, 1, 0 - Canon Inc.)
Upek Touchchip Fingerprint Reader (HKLM\...\{4E60E212-3177-4B16-BCB3-616CCC52357D}) (Version: 1.2.004 - Dell Inc.) Hidden
VASSAL (3.2.17) (HKLM\...\VASSAL (3.2.17)) (Version: 3.2.17 - vassalengine.org)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:- Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VS2010MergeModule (HKLM-x32\...\{16B1B5E5-78F7-4F6F-BF4B-3AD51E4AEA92}) (Version: 1.00.0000 - Your Company Name) Hidden
VS2013MergeModule (HKLM-x32\...\{D6B1F9B7-B880-47F0-9C83-68278998CBD5}) (Version: 1.00.0000 - Your Company Name) Hidden
Wave Infrastructure Installer (HKLM\...\{777FF553-493D-4068-BAC7-EE2D73DB7434}) (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (HKLM\...\{07D618CD-B016-438A-ADC9-A75BD23F85CE}) (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dell Inc. PBADRV System(09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:- )

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.49.2.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.50.7.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-18] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-27] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-27] (Wave Systems Corp. -> Wave Systems Corp.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmdShell_64x.dll [2020-12-08] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (Sonic Solutions -> TODO: )
ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmdShell_64x.dll [2020-12-08] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmdShell_64x.dll [2020-12-08] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>-> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Administrative\Desktop\SiteBuilder.lnk -> C:\Program Files (x86)\SiteBuilder\ysitebuilder.bat ()

==================== Loaded Modules (Whitelisted) =============

2012-05-14 21:00 - 2012-04-17 14:36 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll
2009-11-17 21:58 - 2009-11-17 21:58 - 000342656 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-11-17 21:58 - 2009-11-17 21:58 - 000559232 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2011-04-29 10:34 - 2011-04-29 10:34 - 000927232 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2011-04-29 10:34 - 2011-04-29 10:34 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2011-04-29 18:08 - 2011-04-29 18:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2011-08-18 00:29 - 2011-08-18 00:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000079872 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\SYSTEM32\hpzidr12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000054784 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\SYSTEM32\hpzipr12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000045056 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\System32\HPZipt12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000030208 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\System32\HPZisn12.dll
2012-05-14 21:00 - 2012-04-17 14:30 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll
2011-07-01 12:54 - 2011-07-01 12:54 - 003510784 _____ (Wave Systems Corp.) [File not signed] C:\WINDOWS\system32\wvauth.DLL
2020-11-11 02:19 - 2020-11-11 02:19 - 000024576 _____ (Wave Systems Corp.) [File not signed] C:\WINDOWS\WinSxS\amd64_wave.super.superprotocol_1aaab1af848ab112_2.0.0.6_none_d8efa9a12cd9eda0\Super.dll
2020-11-11 02:19 - 2020-11-11 02:19 - 001175040 _____ (Wave Systems Corp.) [File not signed] C:\WINDOWS\WinSxS\amd64_wave.wcr10.cryptoruntime_1aaab1af848ab112_1.0.2.10_none_68ec49f2b74261d6\WCR10.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1575943820-1359115009-3172392316-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
URLSearchHook: HKU\S-1-5-21-1575943820-1359115009-3172392316-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. -> Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {C759E25C-3769-46F9-A1A7-40770D9AF9B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {C759E25C-3769-46F9-A1A7-40770D9AF9B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {C759E25C-3769-46F9-A1A7-40770D9AF9B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {C759E25C-3769-46F9-A1A7-40770D9AF9B9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1575943820-1359115009-3172392316-1000 -> DefaultScope {C759E25C-3769-46F9-A1A7-40770D9AF9B9} URL =
SearchScopes: HKU\S-1-5-21-1575943820-1359115009-3172392316-1000 -> {C759E25C-3769-46F9-A1A7-40770D9AF9B9} URL =
SearchScopes: HKU\S-1-5-21-1575943820-1359115009-3172392316-1000 -> {CDAE639C-3C13-4294-A5BC-9CF1169F11EA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmopIEPlg.dll [2019-02-12] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc. -> Yahoo! Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmopIEPlg32.dll [2019-02-12] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc -> Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc. -> Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-04] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc. -> Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1575943820-1359115009-3172392316-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -No File
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmopIEPlg.dll [2019-02-12] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmopIEPlg32.dll [2019-02-12] (Trend Micro, Inc. -> Trend Micro Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-05-31 16:50 - 000000882 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files (x86)\Roxio\OEM\AudioCore\;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Gemalto\Access Client\v5\;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1575943820-1359115009-3172392316-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 LtBlue 1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is disabled.

Network Binding:
=============
Local Area Connection: Trend Micro NDIS 6.0 Filter Driver -> Tmlwf (enabled)
Wireless Network Connection: Trend Micro NDIS 6.0 Filter Driver -> Tmlwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScanSnap Manager.lnk => C:\Windows\pss\ScanSnap Manager.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ScanSnap OnlineUpdate Watcher => "C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe" -StartOS
MSCONFIG\startupreg: ScanSnap WIA Service Checker => C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1575943820-1359115009-3172392316-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A230A1FD-CF6C-4FDF-8E6F-6E3698CFEC13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink -> CyberLink Corp.)FirewallRules: [{DC9A0065-B8B0-4760-B55C-9C318BB789BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE (CyberLink -> CyberLink Corp.)FirewallRules: [{FC61284A-0862-409E-AD5B-98BC4BD12C8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{F17351AC-A618-4492-A53C-0D985AB7919E}] => (Allow) LPort=2869FirewallRules: [{FFAE4EB4-1037-4C8F-9C6B-2B00E4E2FF1A}] => (Allow) LPort=1900FirewallRules: [{EB76E4AD-9ECD-4695-9275-B02099FAE1E4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{2C815C8D-B6A1-4BFE-9AC5-865E7F2FDBC0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{4D2C39C4-2D93-4843-9822-1672AEFE40F3}] => (Allow) LPort=61117FirewallRules: [{F0266F98-DC4C-4D34-BC63-7F39D4993FAA}] => (Allow) C:\Program Files\Canon\DIAS\CnxDIAS.exe (CANON INC. 
-> CANON INC.)FirewallRules: [{1C7E2B49-2C7D-4FE6-AE94-566A9B007FC9}] => (Allow) C:\Users\Administrative\AppData\Local\Temp\7zS3838\setup\hpznui40.exe => No FileFirewallRules: [{542EB00F-05D8-425B-84CB-EA8812A9B111}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)FirewallRules: [{8AD34F9A-550E-4CB7-A5C5-C42F3300CE12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)FirewallRules: [{46F2EADA-7293-4781-951B-3F0B5424C503}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)FirewallRules: [{14744230-649D-45DD-A89D-E31CB345F67B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)FirewallRules: [{A6A1CE6D-8687-4377-BBDB-6E3CDF24D974}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)FirewallRules: [{34AA052D-4A53-4041-9065-0802B7371E1C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)FirewallRules: [{98A467E5-B16C-4F82-8935-C4BE598C6814}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)FirewallRules: [{D1E9C976-9526-4FBA-8624-852EC116D769}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)FirewallRules: [{C79419A4-6A2F-4D8B-AF73-839ACF5D2CDF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)FirewallRules: [{E54B8B8F-B516-4CFE-8AA5-D1458EDA401A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.) 
[File not signed]FirewallRules: [{18A6E272-2DEB-4BBF-91AD-AEE137FAC614}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.) [File not signed]FirewallRules: [{B0C0EE86-5B39-4FFB-8D4B-AF0B169D41C9}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)FirewallRules: [{006E8A58-8896-4622-B855-DEF114621BA0}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe => No FileFirewallRules: [{8E78E0FC-E16F-4599-81AD-F8CAE104FCCA}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)FirewallRules: [{C4638B1E-5355-415D-AE83-CC2967205CDE}] => (Allow) LPort=61117FirewallRules: [{1CF809F4-D6F6-4468-B3D7-6CE7F0F2DC85}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{A7287C9D-DBCA-47AC-89D5-A72DBC42FB17}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{B302231B-6CD6-4F7E-9BBB-487E55464363}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{70CF9718-06ED-43E6-B261-60BDA857E9B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{E0ABF791-96AD-4055-94F8-E82BA709508B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)FirewallRules: [{E94A8A44-2482-4218-95F3-3A2521AEBA53}] => (Allow) LPort=61116FirewallRules: [{47ED24F5-6E58-4575-9BF3-96284A7BBF3A}] => (Allow) LPort=21112 ==================== Restore Points ========================= 
24-12-2020 14:56:32 Scheduled Checkpoint
02-01-2021 13:18:39 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (01/07/2021 08:17:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (01/07/2021 08:01:36 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (01/06/2021 08:04:04 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore.

Error: (01/06/2021 07:30:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 87.0.664.66, time stamp: 0x5fda7ff9
Faulting module name: KERNELBASE.dll, version: 10.0.19041.662, time stamp: 0xec58f015
Exception code: 0xe0000008
Fault offset: 0x000000000002d759
Faulting process id: 0x2708
Faulting application start time: 0x01d6e48c3428846b
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f39d3592-2347-411d-a126-ac3c1f4d33c7
Faulting package full name:
Faulting package-relative application ID:

Error: (01/06/2021 05:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.19041.508, time stamp: 0xcd97c98b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.662, time stamp: 0xec58f015
Exception code: 0xc00001ad
Fault offset: 0x000000000010bd5c
Faulting process id: 0x15e0
Faulting application start time: 0x01d6e3e350e50214
Faulting application path: C:\WINDOWS\System32\dwm.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 40955cbf-803c-4751-a265-bd7080492f45
Faulting package full name:
Faulting package-relative application ID:

Error: (01/06/2021 04:03:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 87.0.4280.88 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2ed0
Start Time: 01d6e46e9c85b751
Termination Time: 29
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: ab88806f-d852-4f22-8d7b-9301f4aac309
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown

Error: (01/06/2021 03:51:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msedge.exe version 87.0.664.66 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1158
Start Time: 01d6e466b0308a98
Termination Time: 26
Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Report Id: e048394c-9d50-43a8-b391-82d7dddf516a
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown

Error: (01/01/2021 01:11:07 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore.

System errors:
=============
Error: (01/06/2021 08:01:31 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The tcsd_win32.exe service depends on the following service: TBS. This service might not be installed.

Error: (01/06/2021 08:01:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:34:28 PM on 1/6/2021 was unexpected.

Error: (01/06/2021 05:08:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Error Reporting Service service terminated with the following error: The paging file is too small for this operation to complete.

Error: (01/06/2021 05:07:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Error Reporting Service service terminated with the following error: The paging file is too small for this operation to complete.

Error: (01/06/2021 05:07:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/06/2021 05:07:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/06/2021 05:03:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/06/2021 05:03:35 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: Insufficient system resources exist to complete the requested service.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

CodeIntegrity:
===================================
Date: 2021-01-08 17:03:49.5500000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.

Date: 2021-01-08 17:03:49.5320000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.

Date: 2021-01-08 17:03:49.5170000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.

Date: 2021-01-08 17:03:49.4800000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.

Date: 2021-01-08 17:03:49.4600000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.

Date: 2021-01-08 17:03:49.3740000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.

Date: 2021-01-08 17:00:39.6760000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.

Date: 2021-01-08 17:00:39.6710000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Trend Micro\Client Server Security Agent\AMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A14 06/24/2018
Motherboard: Dell Inc. 0M5DCD
Processor: Intel® Core i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 82%
Total physical RAM: 3993.05 MB
Available physical RAM: 709.41 MB
Total Virtual: 10354.12 MB
Available Virtual: 1531.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.57 GB) (Free:371.39 GB) NTFS
\\?\Volume{7d0e03bc-9e3f-11e1-ac3f-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:16.15 GB) (Free:7.78 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31191832)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021
Ran by Administrative (administrator) on ADMIN-COMPUTER (Dell Inc. OptiPlex 390) (08-01-2021 17:05:49)
Running from C:\Users\Administrative\Downloads
Loaded Profiles: Administrative
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Access Denied)[File not signed] C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Adobe Inc. -> Adobe Inc.) 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe(CANON INC. -> CANON INC.) C:\Program Files\Canon\DIAS\CnxDIAS.exe(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe(Dell Computer Corporation) [File not signed] C:\dell\DBRM\Reminder\DbrmTrayicon.exe(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Hewlett Packard -> Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Intel® pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>(Microsoft Windows -> 
Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Realtek Semiconductor Corp. -> ) C:\Windows\runSW.exe(Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\CPM\TMCPMAdapter.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\logWriter.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe(UPEK Inc. -> UPEK Inc.) 
C:\Program Files\Common Files\SPBA\upeksvr.exe(Wave Systems Corp. -> Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe(Wave Systems Corp. -> Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe(Wave Systems Corp.) [File not signed] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation) [File not signed]HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp. -> Wave Systems Corp.)HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink -> CyberLink Corp.)HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink -> CyberLink Corp.)HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions)HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [5609264 2020-12-08] (Trend Micro, Inc. -> Trend Micro Inc.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. 
-> Oracle Corporation)HKLM\...\Windows x64\Print Processors\hpfpp101: C:\Windows\System32\spool\prtprocs\x64\hpfpp101.dll [254464 2009-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55872 2013-05-10] (Adobe Systems, Incorporated -> Adobe Systems Inc)HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)HKLM\...\Print\Monitors\HP 5B12 Status Monitor: C:\WINDOWS\system32\hpinksts5B12LM.dll [331664 2012-11-02] (Hewlett Packard -> Hewlett-Packard Co.)HKLM\...\Print\Monitors\hpf3l101.dll: C:\WINDOWS\system32\hpf3l101.dll [138752 2009-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-06] (Google LLC -> Google LLC)HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\87.1.18.77\Installer\chrmstp.exe [2020-12-30] (Brave Software, Inc. -> Brave Software, Inc.)HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\Common Files\SPBA\provider.dll [2010-09-15] (UPEK Inc. -> UPEK Inc.)HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\Common Files\SPBA\provider.dll [2010-09-15] (UPEK Inc. 
-> UPEK Inc.)Lsa: [Authentication Packages] msv1_0 wvauthStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2020-07-30]ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02EB2D2B-47CA-4AB6-9D19-6652AD3AE113} - System32\Tasks\Trend Micro Worry-Free Business Security Services Recovery Pack Tool => c:\Program Files (x86)\Trend Micro\WFBSSUpdater\WFBSSUpdater.exe [2448328 2020-12-10] (Trend Micro, Inc. -> Trend Micro Inc.)Task: {09B4A4FC-4BBE-46AC-B321-D0587AD8F53F} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-21] (Brave Software, Inc. -> BraveSoftware Inc.)Task: {09BF0076-2DDC-4CA4-BEBF-91A94BD761F3} - System32\Tasks\Fujitsu\Fujitsu Registration Update => C:\Program Files (x86)\Fujitsu Registration\fujitsureg.exe [73256 2015-05-13] (Leader Technologies Inc -> Aviata Inc)Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exeTask: {24093C7A-BB64-4A0F-967B-30A04900E47E} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exeTask: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exeTask: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - 
System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}Task: {49072A42-1C33-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exeTask: {4A96336B-2BC7-4C4C-A20A-0DD8FDC087BA} - System32\Tasks\{AF397270-C319-47BC-AA32-EF80BB9B78E6} => C:\Windows\system32\pcalua.exe -a C:\Users\ADMINI~1\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTIONTask: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exeTask: {51AA865A-DDB6-46FE-98FC-1F534E8523A9} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-21] (Brave Software, Inc. -> BraveSoftware Inc.)Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exeTask: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exeTask: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exeTask: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exeTask: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media 
Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exeTask: {7999A0A7-D11A-45C6-BDD2-8E903177FB5A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}Task: {82AA3987-D6B7-4E65-B2FE-AD95D7EAB8BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {97BDF112-1DA9-4336-B16A-E5FBCA1506CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)Task: {A4C15DA3-8B2F-4DF8-BF12-9B4384976AFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)Task: {ACDC58CF-A087-48C0-A33C-1903B2116D07} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exeTask: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exeTask: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exeTask: {C2AC133F-617D-49DD-98E4-5851FB84C43C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1575943820-1359115009-3172392316-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}Task: {C5B38869-B902-42B9-A4A8-E7F470AFDD38} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exeTask: 
{C76AADBB-0F86-4415-9764-71CC8E93C278} - System32\Tasks\{2E761873-55FA-4D1D-8715-3F3D38897279} => C:\Windows\system32\pcalua.exe -a C:\Users\ADMINI~1\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {C8FD67B4-7768-452B-827F-077017C0EBDE} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {C93ADDF6-F877-4786-BD4E-9A213FA732F6} - System32\Tasks\Dell\Command Update => C:\Program Files (x86)\Dell\CommandUpdate\DellCommandUpdate.exe [2134752 2015-05-27] (Dell Inc. -> Dell Inc.)
Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D105FEF8-9E15-4E3C-88B2-1431483FE465} - System32\Tasks\Fujitsu\Fujitsu Registration => C:\Program Files (x86)\Fujitsu Registration\fujitsureg.exe [73256 2015-05-13] (Leader Technologies Inc -> Aviata Inc)
Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DB6CD9AC-266C-42E3-9D59-FA14E18EF3A4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {E0024056-A3C8-4FB2-88B3-77B17119DC8B} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {E39612D9-4DEA-48A3-B1BD-1094D7644429} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {F218EEF0-1004-40A5-A322-21D0A63B9A31} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {F8435864-B847-469F-81C1-762E4EFABCBD} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Trend Micro Worry-Free Business Security Services Recovery Pack Tool.job => c:\Program Files (x86)\Trend Micro\WFBSSUpdater\WFBSSUpdater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4791E639-80BF-4127-8563-E2A6116DD6DA}: [DhcpNameServer] 192.168.1.254

Edge:
======
DownloadDir: C:\Users\Administrative\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrative\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-08]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Administrative\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2020-12-17]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF ProfilePath: C:\Users\Administrative\AppData\Roaming\Mozilla\Firefox\Profiles\6veo9h42.default [2020-07-02]
FF Homepage: Mozilla\Firefox\Profiles\6veo9h42.default -> hxxp://www.google.com/
FF Extension: (Trend Micro NSC Firefox Extension) - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\FirefoxExtension [2015-10-29] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-16] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-07-21] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-07-21] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default [2021-01-06]
CHR Extension: (Slides) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
CHR Extension: (Docs) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-20]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-06]
CHR Extension: (Sheets) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-17]
CHR Profile: C:\Users\Administrative\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-08-30]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-21] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [5043144 2016-01-18] (CANON INC. -> CANON INC.)
S3 FujitsuProdRegManager; C:\Program Files (x86)\Fujitsu Registration\EngageService.exe [293424 2015-05-13] (Leader Technologies Inc -> Aviata, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [8494056 2020-12-08] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2018-02-07] (Realtek Semiconductor Corp. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [422984 2020-12-09] (Trend Micro, Inc. -> Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [1841584 2020-10-15] (Access Denied)[File not signed]
R3 TmCCSF; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [1894368 2020-12-08] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [5818208 2020-12-08] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [618120 2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
S3 TmWSCSvc; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmWSCSvc.exe [485080 2020-12-08] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-09] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [147736 2020-10-15] (Access Denied)[File not signed]
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [427608 2020-07-15] (Access Denied)[File not signed]
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [152712 2020-06-22] (Trend Micro, Inc. -> Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [38408 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [105152 2020-10-15] (Access Denied)[File not signed]
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [428168 2020-06-30] (Trend Micro, Inc. -> Trend Micro Inc.)
R1 TmLwf; C:\WINDOWS\system32\DRIVERS\tmlwf.sys [168552 2019-06-13] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [72328 2020-06-30] (Trend Micro, Inc. -> Trend Micro Inc.)
S3 tmumh; C:\WINDOWS\System32\DRIVERS\TMUMH.sys [153376 2019-05-08] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [137112 2020-05-15] (Trend Micro, Inc. -> Trend Micro, Inc.)
R2 tmWfp; C:\WINDOWS\system32\DRIVERS\tmwfp.sys [306216 2019-06-13] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2812552 2020-06-30] (Trend Micro, Inc. -> Trend Micro Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
R1 tmcomm; C:\Windows\SysWOW64\DRIVERS\tmcomm.sys <==== ATTENTION (Access Denied)
R2 tmevtmgr; C:\Windows\SysWOW64\DRIVERS\tmevtmgr.sys <==== ATTENTION (Access Denied)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-08 17:05 - 2021-01-08 17:08 - 000029830 _____ C:\Users\Administrative\Downloads\FRST.txt
2021-01-08 17:05 - 2021-01-08 17:07 - 000000000 ____D C:\FRST
2021-01-08 17:01 - 2021-01-08 17:02 - 002282496 _____ (Farbar) C:\Users\Administrative\Downloads\FRST64 (3).exe
2021-01-08 16:59 - 2021-01-08 17:00 - 002282496 _____ (Farbar) C:\Users\Administrative\Downloads\FRST64 (1).exe
2021-01-08 16:58 - 2021-01-08 16:59 - 002282496 _____ (Farbar) C:\Users\Administrative\Downloads\FRST64.exe
2021-01-08 11:49 - 2021-01-08 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Security Agent
2021-01-06 16:40 - 2021-01-06 16:40 - 000384498 _____ C:\Users\Administrative\Downloads\2021_Revaluation_Notice_6825-31-8914.000.pdf
2020-12-28 16:40 - 2020-12-28 16:40 - 000832836 _____ C:\Users\Administrative\Downloads\5-Second_War_Docs.pdf
2020-12-27 11:12 - 2020-12-27 11:12 - 000030153 _____ C:\Users\Administrative\Downloads\RW CG.xlsx
2020-12-16 14:45 - 2020-12-16 14:45 - 010732649 _____ C:\Users\Administrative\Desktop\Maps Search Evaluation.pdf
2020-12-11 12:01 - 2020-12-11 12:01 - 000168170 _____ C:\Users\Administrative\Downloads\EligibilityResultsNotice (1).pdf
2020-12-09 16:23 - 2020-12-09 16:23 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-12-09 16:23 - 2020-12-09 16:23 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-12-09 16:17 - 2020-12-09 16:17 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-09 16:17 - 2020-12-09 16:15 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-08 16:48 - 2020-11-11 02:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-08 16:48 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-08 16:47 - 2017-06-12 08:50 - 000058553 _____ C:\WINDOWS\cfgall.ini
2021-01-08 15:42 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-08 15:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-07 23:05 - 2020-11-11 02:15 - 000000000 ____D C:\Users\Administrative
2021-01-06 20:06 - 2020-11-11 02:28 - 001003890 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-06 20:06 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-06 20:01 - 2020-11-11 02:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-06 20:01 - 2020-11-11 02:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-06 20:01 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-06 19:30 - 2020-08-21 15:12 - 000000000 ____D C:\Users\Administrative\AppData\Local\CrashDumps
2021-01-06 17:08 - 2012-09-24 08:59 - 000000000 ____D C:\Users\Administrative\Documents\Outlook Files
2021-01-06 16:40 - 2017-06-20 14:32 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-06 16:40 - 2017-06-20 14:32 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-06 16:40 - 2017-06-20 14:32 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-01 13:06 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-30 22:19 - 2020-07-21 16:21 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-12-30 22:19 - 2020-07-21 16:21 - 000002379 _____ C:\Users\Public\Desktop\Brave.lnk
2020-12-30 22:19 - 2020-07-21 16:21 - 000002379 _____ C:\ProgramData\Desktop\Brave.lnk
2020-12-28 16:55 - 2019-10-17 11:14 - 000000000 ____D C:\Users\Administrative\Desktop\Richthofen's War Stuff
2020-12-28 15:31 - 2019-12-27 15:51 - 000000000 ____D C:\Users\Administrative\Desktop\Pickle Drop Stuff
2020-12-26 11:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-12-26 11:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-12-19 12:29 - 2020-06-21 10:29 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-19 12:29 - 2020-06-21 10:29 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-19 12:29 - 2020-06-21 10:29 - 000002261 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-17 21:11 - 2020-04-14 14:46 - 000000000 ____D C:\Users\Administrative\AppData\Local\D3DSCache
2020-12-16 16:37 - 2020-11-11 02:39 - 000003396 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1575943820-1359115009-3172392316-1000
2020-12-16 16:37 - 2020-11-11 02:15 - 000002442 _____ C:\Users\Administrative\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-16 16:37 - 2020-01-14 14:34 - 000000000 ___RD C:\Users\Administrative\OneDrive
2020-12-14 14:18 - 2020-11-11 02:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Dell
2020-12-13 11:32 - 2020-11-09 14:43 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-12 16:39 - 2016-11-10 09:52 - 000000386 _____ C:\WINDOWS\Tasks\Trend Micro Worry-Free Business Security Services Recovery Pack Tool.job
2020-12-12 16:16 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-12 16:10 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2020-12-10 14:50 - 2020-11-11 02:39 - 000003234 _____ C:\WINDOWS\system32\Tasks\Trend Micro Worry-Free Business Security Services Recovery Pack Tool
2020-12-09 16:17 - 2020-09-05 14:57 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-09 16:17 - 2020-08-06 12:30 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-09 16:17 - 2020-04-01 16:28 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-09 16:17 - 2020-04-01 16:28 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-09 16:17 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-09 16:15 - 2020-04-01 16:28 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories ========

2012-05-21 14:00 - 2012-05-21 14:00 - 000020984 _____ (Intel Corporation) C:\Users\Administrative\AppData\Roaming\JomCap.dll
2014-02-11 16:25 - 2014-02-11 16:25 - 000005003 _____ () C:\Users\Administrative\AppData\Roaming\UserTile.png
2020-03-10 15:57 - 2020-03-10 16:13 - 000000000 _____ () C:\Users\Administrative\AppData\Local\{B4DBF724-4A8B-41D2-AA20-46216A39B43D}

==================== FLock ==============================

2020-10-15 02:00 C:\WINDOWS\system32\Drivers\tmactmon.sys
2020-07-15 12:33 C:\WINDOWS\system32\Drivers\tmcomm.sys
2020-10-15 02:00 C:\WINDOWS\system32\Drivers\tmevtmgr.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ================