Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

virus detected on windows defender

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: virus detected on windows defender

Unread postby jwdo » May 3rd, 2024, 8:44 pm

And here is Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by Dave (03-05-2024 17:33:56)
Running from C:\Users\Dave\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4355 (X64) (2021-06-21 00:53:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4182419237-4015324695-3907471336-500 - Administrator - Enabled) => C:\Users\Administrator
Dave (S-1-5-21-4182419237-4015324695-3907471336-1000 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-4182419237-4015324695-3907471336-503 - Limited - Disabled)
Guest (S-1-5-21-4182419237-4015324695-3907471336-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4182419237-4015324695-3907471336-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4182419237-4015324695-3907471336-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{2DC070EE-D256-4564-BC7C-A78085F22080}) (Version: 4.28.0.5600 - Open Media LLC)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20687 - Adobe)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.12 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 13 (HKLM-x32\...\AU11_is1) (Version: 13.26.0.68 - Innovative Solutions)
Airlink101 WLAN Monitor (HKLM-x32\...\{9C048189-055C-4a0c-A916-1D8C132455EB}) (Version: 1.01.0095 - REALTEK Semiconductor Corp.)
Amazon Kindle (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Amazon Kindle) (Version: 1.40.1.65535 - Amazon)
AOMEI Partition Assistant 10.2.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: 10.2.1 - AOMEI International Network Limited.)
Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED)
Apowersoft Online Launcher version 1.8.1 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.1 - APOWERSOFT LIMITED)
Apple Mobile Device Support (HKLM\...\{FA3D0F2D-BA1C-4462-B6B3-3048CFF464C7}) (Version: 17.0.0.28 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Ashampoo Driver Updater (HKLM\...\{0A11EA01-9351-AD68-8AFA-02337415E1F8}_is1) (Version: 1.6.1 - Ashampoo GmbH & Co. KG)
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader (HKLM\...\{AC76BA86-7AD7-0000-0000-BC16014E7500}) (Version: 22.001.20085 - Adobe Systems Incorporated)
Audacity 3.4.2 (HKLM\...\Audacity_is1) (Version: 3.4.2 - Audacity Team)
Avidemux VC++ 64bits (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{814f6cd2-0708-44fd-869c-24fd0c01dad9}) (Version: 2.7.8 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{b8aa1655-5339-4004-ab71-e69f55477cc8}) (Version: 2.8.1 - Mean)
Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
Bible Mapper 5 (HKLM-x32\...\{81CFDC81-A76D-4098-A8A8-D2BC21340D51}) (Version: 5.1 - BarrettWare)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.14.0.1061 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\BlueStacksServices) (Version: 3.0.2 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\BlueStacks X) (Version: 10.5.0.1016 - now.gg, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother HL-5250DN (HKLM-x32\...\{30DC4A13-6C77-4576-9D31-3C7B80847AAF}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 6.23 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{B3DF9767-C635-4558-A655-D586070E2CE3}) (Version: 124.0.6367.18 - Google LLC)
ClipGrab 3.9.7 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - The ClipGrab Project)
CrystalDiskInfo 9.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.1 - Crystal Dew World)
CrystalDiskMark 8.0.4c (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4c - Crystal Dew World)
Driver Easy 5.8.1 (HKLM\...\DriverEasy_is1) (Version: 5.8.1 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 198.4.7615 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.863.1 - Dropbox, Inc.) Hidden
e-Sword (HKLM-x32\...\{30589E5B-46DD-446F-B3DA-5D9F5AE5CC3E}) (Version: 13.00.0000 - Rick Meyers)
Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.5.1 - Sharpened Productions)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FilExile (HKLM-x32\...\{37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC}_is1) (Version: 3.00 - Bryan Carey)
Folder Size 4.9.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 4.9.0.0 - MindGems, Inc.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2023.3.0.23028 - Foxit Software Inc.)
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.1.1.1017 - Digital Wave Ltd)
Free Video Flip and Rotate (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
FreeFileSync (HKLM-x32\...\FreeFileSync_is1) (Version: 13.5 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.119 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 90.0.3.0 - Google LLC)
Hot Illustrations 1.0 (HKLM-x32\...\Hot Illustrations 1.0) (Version: - )
HP Dropbox Plugin (HKLM-x32\...\{71175310-91E7-49E9-A714-15151F839268}) (Version: 44.5.501.81934 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{1DE1A510-1B9F-409E-A586-34C6DB1EDF1F}) (Version: 44.5.0.0 - HP)
HP ENVY 5000 series Basic Device Software (HKLM\...\{51F12478-A80C-47F4-850F-B31D7DAF9365}) (Version: 44.11.2778.22166 - HP Inc.)
HP ENVY 5000 series Help (HKLM-x32\...\{B868134D-0D88-4973-BDD8-07E2522C9102}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{8202C130-5331-4FA4-9B94-CD5B7D595971}) (Version: 44.5.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{C7242B1F-50CF-4C88-92C0-6012281B0E72}) (Version: 44.5.501.81934 - HP)
HP OneDrive Plugin (HKLM-x32\...\{88B06412-906E-473D-B69B-71EB040F15F5}) (Version: 44.5.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP SharePoint Plugin (HKLM-x32\...\{C3547CAA-C272-4A32-9A53-358892E9026B}) (Version: 44.5.0.0 - HP)
HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 7.66 - Martin Malik, REALiX s.r.o.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Mailsware EML Converter Toolkit (HKLM-x32\...\Mailsware EML Converter Toolkit_is1) (Version: - Mailsware)
Malwarebytes version 4.6.13.324 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.13.324 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.80 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{2AA3C13E-0531-41B8-AE48-AE28C940A809}) (Version: 4.10.0209.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30153 (HKLM-x32\...\{e3aefa8b-a2ea-42b8-a384-95f2ff6df681}) (Version: 14.29.30153.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30153 (HKLM-x32\...\{F263DEED-F2D3-4AB2-9D1C-C47ED5AA8BFC}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30153 (HKLM-x32\...\{F3E4AF00-C81D-4253-B947-67DD661932EC}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 120.0 (x64 en-US)) (Version: 120.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0 - Mozilla)
Mp3tag v3.23 (HKLM-x32\...\Mp3tag) (Version: 3.23 - Florian Heidenreich)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 546.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Plex Media Server (HKLM-x32\...\{7520AAFB-1D48-487F-B935-FD7C5704F0C4}) (Version: 1.40.1227 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{78529c24-adb9-454f-aaa7-165c17c33375}) (Version: 1.40.1.8227 - Plex, Inc.)
Product Improvement Study for HP ENVY 5000 series (HKLM\...\{A3E4FE6D-D1E5-48DE-AF23-D37F3B3A2069}) (Version: 44.11.2778.22166 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScreenPal Web Launcher v3.0.2 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\ScreenPal v3 (WebLauncher)) (Version: - ScreenPal)
Software Update 6.63.0.63 (HKLM-x32\...\Software Update) (Version: 6.63.0.63 - Glarysoft Ltd)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.85.5 - Safer-Networking Ltd.)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Stopping Plex (HKLM-x32\...\{0296DFD3-2270-44C6-A797-5928F4DB8BA1}) (Version: 1.40.1227 - Plex, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1256 - SUPERAntiSpyware.com)
TreeSize Free V4.7.1 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.7.1 - JAM Software)
TunesBro ScreenGeeker (HKLM-x32\...\TunesBro ScreenGeeker_is1) (Version: 4.7.2 - TunesBro ScreenGeeker)
UCheck version 5.0.5.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 5.0.5.0 - Adlice Software)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.2.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Watchtower Library - English (HKLM-x32\...\{1D72ED8E-EA0F-4AE3-BBC5-2EC55FA5649F}) (Version: 18.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Web Launch Recorder (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WebLaunchRecorder) (Version: 2.0 - )
WhatsApp (Outdated) (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WhatsApp) (Version: 2.2326.10 - WhatsApp)
WinDirStat 1.1.2 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WinDirStat) (Version: - )
Windows Driver Package - Hewlett-Packard USB (09/08/2015 1.0.0.1) (HKLM\...\C9EDF507DA1B23454B1BF10495C79A1C34ADD79F) (Version: 09/08/2015 1.0.0.1 - Hewlett-Packard)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
WinX YouTube Downloader (HKLM-x32\...\WinX YouTube Downloader) (Version: 6.5 - Digiarty, Inc.)
WordWeb (HKLM-x32\...\WordWeb) (Version: 9 - WordWeb Software)
Zoom (64-bit) (HKLM\...\{3B21D66C-F004-4CC5-8DCD-0BC9F66515AC}) (Version: 5.16.26186 - Zoom)
Zoom Outlook Plugin (HKLM-x32\...\{6FB428F1-BEAC-41DE-A15C-24EDFD4C503B}) (Version: 5.15.5 - Zoom)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.931.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2024-05-02] (Dropbox Inc.)
File Analyzer -> C:\Program Files\WindowsApps\BitberrySoftware.FileAnalyzer_2.0.0.0_x64__2js97y2b9kjke [2021-07-05] (Bitberry Software)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-04-22] (HP Inc.)
JW Library -> C:\Program Files\WindowsApps\WatchtowerBibleandTractSo.45909CDBADF3C_14.3.37.0_x64__5rz59y55nfz3e [2024-04-09] (Watchtower Bible and Tract Society of New York)
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-23] (Microsoft Corporation)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.5.2130.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Studios) [MS Ad]
NetBenefits by Fidelity -> C:\Program Files\WindowsApps\FidelityInvestments.NetBenefitsbyFidelity_2.7.4.0_x64__b03vwwp8y0xw6 [2022-10-24] (Fidelity Investments)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-24] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Corporation)
Photos Opener For Win10 -> C:\Program Files\WindowsApps\38526MediaLife.PhotosOpenerForWin10_0.0.14.0_x64__1crh1k73ty8mg [2023-02-23] (Media Life)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-03-21] (Adobe Systems Incorporated)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2417.4.0_x64__cv1g1gvanyjgm [2024-05-03] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Dave\Dropbox [2018-10-21 14:12]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers1: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> [CC]{B7056B8E-4F99-44f8-8CBD-282390FE5428} => -> No File
ContextMenuHandlers2: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [VirtualCloneDrive] -> [CC]{B7056B8E-4F99-44f8-8CBD-282390FE5428} => -> No File
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers4: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.72.0.dll [2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\nvshext.dll [2023-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dave\Documents\WDD 2TB External Drive\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader
ShortcutWithArgument: C:\Users\Dave\Desktop\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\bbbf3001ec3bcba0\Honey.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=bmnlcjabgnpnenekpadlanbbkooimhnj
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Dave - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2024-03-21 13:29 - 2024-03-21 13:29 - 000433664 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\aac_decoder.dll
2024-04-28 11:18 - 2024-04-28 11:18 - 000402944 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\aac_encoder.dll
2024-04-12 02:07 - 2024-04-12 02:07 - 000251392 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\adpcm_ima_wav_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000573952 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\flv_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 001803776 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\h264_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 002366464 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\libx264_encoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000329216 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\mp3_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000349696 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\vp6f_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000308224 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmapro_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000318976 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmav2_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 001045504 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmv3_decoder.dll
2023-03-16 09:51 - 2008-08-25 18:29 - 000131072 _____ () [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\EnumDevLib.dll
2024-02-17 13:53 - 2023-06-20 01:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2023-03-16 09:51 - 2009-06-26 11:45 - 000405504 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlLib.dll
2023-03-16 09:51 - 2008-12-30 20:15 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\IpLib.dll
2023-03-16 09:51 - 2008-10-22 23:59 - 000036864 _____ (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlICS.dll
2022-06-25 20:21 - 2022-12-28 21:28 - 001111883 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2023-03-16 09:51 - 2006-07-05 06:45 - 001069056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dave\Desktop\Bible Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Cloud Drives:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Computer Analyzers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Delete Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Printers:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: No Name -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - No Name - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7940 more sites.

IE trusted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12762 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2024-04-27 16:31 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2021-11-03 09:06 - 2021-11-07 16:32 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4630 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4630 series.lnk.Startup
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\StartupApproved\Run: => "msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "WordWeb"
HKLM\...\StartupApproved\Run32: => "ccleaner_update_helper"
HKLM\...\StartupApproved\Run32: => "Phantom_Sl"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "ScreenPal Tray"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "zoommsirepair"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B266382E-1C8F-42FA-98E6-F279674B7E84}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{9EEEEC05-02F6-4029-8091-0B5B26CF7400}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [TCP Query User{90FC14FD-0B4F-4355-BFEC-91BF8A9F3735}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{686736E0-3C65-4BFB-9F49-45691090D5FE}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{195B44B0-BF8E-4B80-8A6E-E9D1714B1F98}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{A79F678E-00B9-427F-82D6-3BD81B9DFDE1}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{A3FB6C31-9BCF-4227-90DB-9AB7F77B8DAC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56AA02FA-C0B8-4178-B467-99FB05DA0E2E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{19BC05A0-218C-412E-83F0-1379D2E03855}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{31ADDC6C-C250-4F1F-B146-6C1C6CE98B10}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{44F00A23-EA84-4021-AEAC-AF2908C3CA8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

27-04-2024 20:06:18 Scheduled Checkpoint
30-04-2024 14:18:59 Windows Modules Installer
30-04-2024 16:38:55 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/03/2024 03:29:21 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (05/03/2024 03:29:21 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (05/03/2024 03:29:20 PM) (Source: DbxSvc) (EventID: 322) (User: )
Description: Failed to get driver message: (-2147024890) The handle is invalid.

Error: (05/03/2024 03:29:20 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (05/03/2024 03:29:20 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (05/03/2024 03:22:06 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (05/03/2024 03:22:06 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (05/03/2024 03:22:06 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (05/03/2024 03:21:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (05/03/2024 03:14:21 PM) (Source: DCOM) (EventID: 10005) (User: Dave-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2024 03:14:10 PM) (Source: DCOM) (EventID: 10005) (User: Dave-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/03/2024 03:14:10 PM) (Source: DCOM) (EventID: 10005) (User: Dave-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2024 03:14:03 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/03/2024 03:13:49 PM) (Source: DCOM) (EventID: 10005) (User: Dave-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2024 03:13:22 PM) (Source: DCOM) (EventID: 10005) (User: Dave-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2024 03:13:14 PM) (Source: DCOM) (EventID: 10005) (User: Dave-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
================
Date: 2024-05-03 12:17:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-03 12:03:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2024-05-03 15:11:05
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-05-01 08:11:45
Description:
Microsoft Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Dave\Downloads\Computer Analyzers\Speccy (good)\spsetup132.exe; file:_E:\Downloads\Computer Analyzers\Speccy (good)\spsetup132.exe; file:_F:\Downloads\Computer Analyzers\Speccy (good)\spsetup132.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
Action: Unknown
Action Status: No additional actions required
Error Code: 0x80508033
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: AV: 1.409.616.0, AS: 1.409.616.0, NIS: 1.409.616.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4

CodeIntegrity:
===============
Date: 2024-05-03 17:34:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2024-05-03 17:34:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2024-05-03 17:26:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. FD 02/26/2016
Motherboard: Gigabyte Technology Co., Ltd. 970A-DS3P
Processor: AMD FX(tm)-8350 Eight-Core Processor
Percentage of memory in use: 61%
Total physical RAM: 8150.56 MB
Available physical RAM: 3156.86 MB
Total Virtual: 16342.56 MB
Available Virtual: 10162.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:555.95 GB) (Model: WDC WD1003FZEX-00K3CA0) NTFS
Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:11.52 GB) (Model: WDC WD1003FZEX-00K3CA0) FAT32

\\?\Volume{3f368315-d45d-11e8-8b54-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{62b55203-0000-0000-0000-30c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 62B55203)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=520 MB) - (Type=27)

==================== End of Addition.txt =======================
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm
Advertisement
Register to Remove

Re: virus detected on windows defender

Unread postby pgmigg » May 3rd, 2024, 10:12 pm

Great! Lets continue...

FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Hit your Windows Key + R to open a Run window
  4. Type Notepad then click OK
  5. This will open an empty Notepad document
  6. Copy/Paste the following into it (Don't include Code: Select all ) .....
Code: Select all
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
AlternateDataStreams: C:\Users\Dave\Desktop\Bible Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Cloud Drives:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Computer Analyzers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Delete Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Printers:com.dropbox.attrs [54]

EmptyTemp:
CMD: ipconfig /flushdns

  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5497
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Unread postby jwdo » May 4th, 2024, 11:08 am

Here is the fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by Dave (04-05-2024 07:55:12) Run:3
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
AlternateDataStreams: C:\Users\Dave\Desktop\Bible Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Cloud Drives:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Computer Analyzers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Delete Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Printers:com.dropbox.attrs [54]

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

"C:\WINDOWS\system32\GroupPolicy\Machine" Folder move:

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
C:\Users\Dave\Desktop\Bible Programs => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Cloud Drives => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Computer Analyzers => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Delete Programs => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Printers => ":com.dropbox.attrs" ADS could not remove.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31719720 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 5277381 B
Edge => 0 B
Chrome => 615434203 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5854 B
NetworkService => 12874 B
Dave => 13206544 B
Administrator => 13206544 B

RecycleBin => 0 B
EmptyTemp: => 647.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:57:44 ====
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Unread postby pgmigg » May 4th, 2024, 10:38 pm

Hi jwdo,

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.

Before I give you instructions how to keep your computer clean and secure, I would like to say that it is a time to give you some notes and suggestion.

The modern Windows 10 contains its own antivirus software Windows Defender which is not so bad and even smart enough to automatically disable itself when it detects the third party program. As we both know, this is what you use as your main defense.

There are a large number of antivirus and anti-malware programs on the market that differ in capabilities, statistics of results, and technical features, including the share of consumption of the computer’s system resources.
In addition, there are countless small applications that quickly become outdated or cease to be useful, and sometimes simply interfere with serious protection, which takes on the same functions as small tools, but does it much better and more thoroughly.

Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    AV: Spybot - Search and Destroy (Enabled - Up to date)
    AV: Windows Defender (Enabled - Up to date)
  2. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one, is your decision, but if you asked me, I would recommend you to uninstall Spybot - Search and Destroy as well as other two unused today tools: SpywareBlaster 6.0 and SUPERAntiSpyware

Personally, after long comparisons and analysis, for myself, I chose Malwarebytes (MBAM) Premium (paid version), which is not only compact in terms of installation size, but also extremely effective in work - several years ago it saved me from a ransom virus - no, it didn’t cure it, but MBAM warned of the appearance and gave me the opportunity to disconnect the computer from the Internet when the file encryption process had just begun, to save the remainder and reformat the hard drive.
I have no other protection than MBAM and have been renewing my subscription for many years in a row - this tool is worth it!

Thus, if you decide to change the anti-virus program, you will have to download a new one, uninstall the old one, restart the computer, and install the new one - in that order!
For that short time that passes between you will be automatically protected by Windows Defender.

Finally:
Please click HERE
to find a short guide to staying safer online.


Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5497
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Unread postby jwdo » May 4th, 2024, 11:31 pm

Thank you, I didn't realize that spybot was enabled. I thought it was just sitting dormant until I accessed it. Whatever the case, I uninstalled it. so can we consider this post closed?
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Unread postby pgmigg » May 5th, 2024, 10:43 am

As the problems seem to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see
Feedback for Our Helpers - Say "Thanks" Here.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5497
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 385 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware