Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

virus detected on windows defender

Re: virus detected on windows defender

by jwdo » April 26th, 2024, 4:54 pm

As I'm not that tech savvy. I think I understand what you meant by posting the fixlog.txt. So now hopefully I'm sending you the fixlog.txt in my post. Here it is:
fixlist content:
*****************
CreateRestorePoint:

AlternateShell: <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {442AF1B9-5B62-4ECC-89BF-CFB5A29F89B3} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E9B86E8B-2754-4D10-9DE1-6BF143295F05} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
S3 cpuz153; \??\C:\WINDOWS\temp\cpuz153\cpuz153_x64.sys [X] <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
AlternateDataStreams: C:\Users\Dave\Desktop\Back-up Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Bible Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Browsers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Cleaner:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Cloud Drives:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Computer Analyzers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Delete Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\File_Folder Size:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Hot Illustrations:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Printers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Proctor folder.lnk:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Readers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Video_Audio Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Virus and Spyware:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Windows Sysinternals:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Annuity Companies:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Anti-Keyloggers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Apple:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Apps:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Avery Labels:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Backup and Cloud Software:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\backupwindowskey:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Bibles:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Blue Screen Of Death:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Browsers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\CD-DVD:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Codecs:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\Dave\Downloads\Computer Analyzers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\CPU Check:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Defraggers (Disk):com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\DesktopOK (arranges icons):com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Dictionaries:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Downloading using Torrents and Filezilla:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Drive Icon Changer:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Drivers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Drives (Hard Disk):com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Dropbox:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Enable Greyed Out Buttons:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\Dave\Downloads\Favorites:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\Dave\Downloads\Faxing:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Fidelity:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Files -Folders:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Firewalls:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\FixWindows Media Player:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\FlashBench_USB Test:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Google Drive:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Hebrew:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\Dave\Downloads\HiddenToggle:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\Dave\Downloads\install:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Internet:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\iPad, iPhone, iCloud:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\jruler:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Kerux illustration database:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Memory:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Monitors:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Mouse:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Music-Video-Text files:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Net Framework Setup Verifier:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Network Test Tool:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\OCR Software:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Online Storage and Syncing:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Paint Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Password Protection:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Portable Programs on USB:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Printers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Product key Finders:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Readers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Registry(+) Cleaners:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Remote Access Computer:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Repair Windows:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Screen capture & recording programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Search for Files, Folders, Words, Phrases:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\Dave\Downloads\Shell Extensions:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\Dave\Downloads\Silverlight:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Software analyzer_Updater:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Software-Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Spyware Warrior Files:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Startup Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Stocks:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Sysnative Files:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\System Cleaners:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Theocratic Items:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Uninstallers:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\Dave\Downloads\unzipped:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Update Checker:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\USB Drives and Analyzer:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Video Memory:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Virtual Disk Drive:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Virus and Spyware Removal Tools:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\WhatsApp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Windows:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Windows Sysinternals:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Windows Sysinternals Suite:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Word Processers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Youtube:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Z - Miscellaneous:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Zip Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Downloads\Zoom:com.dropbox.attrs [54]
C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys
C:\WINDOWS\temp\cpuz153\cpuz153_x64.sys

EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\System\CurrentControlSet\Control\SafeBoot\\"AlternateShell"="cmd.exe" => value restored successfully

"C:\WINDOWS\system32\GroupPolicy\Machine" Folder move:

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{442AF1B9-5B62-4ECC-89BF-CFB5A29F89B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{442AF1B9-5B62-4ECC-89BF-CFB5A29F89B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9B86E8B-2754-4D10-9DE1-6BF143295F05}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B86E8B-2754-4D10-9DE1-6BF143295F05}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz149 => removed successfully
cpuz149 => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz153 => removed successfully
cpuz153 => service removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
C:\Users\Dave\Desktop\Back-up Programs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Bible Programs => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Browsers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Cleaner => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Cloud Drives => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Computer Analyzers => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Delete Programs => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\File_Folder Size => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Hot Illustrations => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Printers => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Proctor folder.lnk => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Readers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Video_Audio Programs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Virus and Spyware => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Windows Sysinternals => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Annuity Companies => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Anti-Keyloggers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Apple => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Apps => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Avery Labels => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Backup and Cloud Software => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\backupwindowskey => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Bibles => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Blue Screen Of Death => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Browsers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\CD-DVD => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Codecs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Computer Analyzers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\CPU Check => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Defraggers (Disk) => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\DesktopOK (arranges icons) => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Dictionaries => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Downloading using Torrents and Filezilla => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Drive Icon Changer => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Drivers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Drives (Hard Disk) => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Dropbox => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Enable Greyed Out Buttons => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Favorites => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Faxing => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Fidelity => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Files -Folders => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Firewalls => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\FixWindows Media Player => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\FlashBench_USB Test => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Google Drive => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Hebrew => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\HiddenToggle => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\install => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Internet => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\iPad, iPhone, iCloud => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\jruler => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Kerux illustration database => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Memory => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Monitors => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Mouse => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Music-Video-Text files => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Net Framework Setup Verifier => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Network Test Tool => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\OCR Software => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Online Storage and Syncing => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Paint Programs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Password Protection => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Portable Programs on USB => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Printers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Product key Finders => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Readers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Registry(+) Cleaners => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Remote Access Computer => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Repair Windows => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Screen capture & recording programs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Search for Files, Folders, Words, Phrases => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Shell Extensions => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Silverlight => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Software analyzer_Updater => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Software-Programs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Spyware Warrior Files => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Startup Programs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Stocks => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Sysnative Files => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\System Cleaners => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Theocratic Items => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Uninstallers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\unzipped => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Update Checker => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\USB Drives and Analyzer => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Video Memory => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Virtual Disk Drive => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Virus and Spyware Removal Tools => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\WhatsApp => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Windows => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Windows Sysinternals => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Windows Sysinternals Suite => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Word Processers => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Youtube => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Z - Miscellaneous => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Zip Programs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Downloads\Zoom => ":com.dropbox.attrs" ADS removed successfully
"C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys" => not found
"C:\WINDOWS\temp\cpuz153\cpuz153_x64.sys" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 168643844 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 21514733 B
Edge => 0 B
Chrome => 696730983 B
Firefox => 57263318 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 252 B
LocalService => 617851 B
NetworkService => 654121 B
Dave => 40931033 B
Administrator => 84469117 B

RecycleBin => 0 B
EmptyTemp: => 1022.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:05:52
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm
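
Added example, not part of the original posts and not FRST's own code: a short Python script that parses `target => result` lines of the kind in the Fixlog above and tallies the outcomes, so the few "could not remove" entries stand out from the long run of successes. The function names and outcome labels are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog posted above (a subset, for illustration).
SAMPLE_FIXLOG = r"""
HKLM\System\CurrentControlSet\Control\SafeBoot\\"AlternateShell"="cmd.exe" => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
cpuz149 => service removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
C:\Users\Dave\Desktop\Back-up Programs => ":com.dropbox.attrs" ADS removed successfully
C:\Users\Dave\Desktop\Bible Programs => ":com.dropbox.attrs" ADS could not remove.
C:\Users\Dave\Desktop\Cloud Drives => ":com.dropbox.attrs" ADS could not remove.
"C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
BITS transfer queue => 1310720 B
EmptyTemp: => 1022.5 MB temporary data Removed.
"""

# '":<stream>" ADS <status>' as the log prints it for alternate data streams.
ADS_RE = re.compile(r'^":(?P<stream>[^"]+)" ADS (?P<status>.+)$')
# Byte counts reported by EmptyTemp, e.g. "1310720 B" or "1022.5 MB ...".
SIZE_RE = re.compile(r"^\d+(?:\.\d+)?\s*(?:B|KB|MB|GB)\b")


def classify(result):
    """Map the text after '=>' to a coarse outcome label (labels are this example's)."""
    text = result.rstrip(".").lower()
    if "could not" in text:
        return "failed"
    if text.endswith("not found"):
        return "not_found"
    if SIZE_RE.match(result):
        return "info"          # size report, not a fix outcome
    if text.endswith("successfully") or text == "completed":
        return "ok"
    return "other"             # unknown wording: leave for a human to read


def parse_fixlog(text):
    """Return one dict per 'target => result' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        # rpartition: the result text never contains ' => ', the target might.
        target, sep, result = line.strip().rpartition(" => ")
        if not sep:
            continue
        # Drop quotes only when they wrap the whole target (quoted paths/keys).
        if len(target) >= 2 and target[0] == target[-1] == '"':
            target = target[1:-1]
        ads = ADS_RE.match(result)
        entries.append({
            "target": target,
            "stream": ads.group("stream") if ads else None,
            "result": result,
            "outcome": classify(result),
        })
    return entries


def summarize(entries):
    """Count outcomes and collect the entries the fix could not complete."""
    counts = Counter(e["outcome"] for e in entries)
    failures = [e for e in entries if e["outcome"] == "failed"]
    return counts, failures


if __name__ == "__main__":
    counts, failures = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for outcome, n in sorted(counts.items()):
        print(f"{outcome:10} {n}")
    for f in failures:
        stream = f":{f['stream']}" if f["stream"] else ""
        print(f"FAILED  {f['target']}{stream}  ({f['result']})")
```

To check a full log, read the saved Fixlog.txt and pass its text to `parse_fixlog` in place of the sample.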

Re: virus detected on windows defender

by pgmigg » April 27th, 2024, 12:06 am

Good job jwdo, thank you!

You did some cleanup of your computer which should be done in any case.

jwdo wrote: I still see that Windows Defender says I still have the "PUIDIManager:Win32/OfferCore" virus.

Regarding the supposed virus that Windows Defender detected, I must say that this is a problem with the tool itself.

The PUADlManager:Win32/OfferCore is a detection of Microsoft Defender related to bundled software, specifically to a piece of code that is used to create the bundle.
OfferCore itself is not a specific program or application. Instead, it is an add-on used to package multiple software components into a single installer. Such components rarely include any useful applications and usually deliver unwanted software.

Seeing the Win32/OfferCore detection means that there is a software installer infused with this bundler. While its presence is not severely dangerous, having one running in the system is not a desirable situation.
Bundling is a software monetization and distribution method that combines multiple programs into a single installer.
Often users do not realize that they are not only installing the desired application but also additional components, most commonly unwanted applications.

Before we begin to work on removing the source of this problem, I want to get a fresh scan by FRST.

Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that the 90 Days Files check box under the Optional Scan section is checked.
  5. Please be sure that the Addition.txt check box under the Optional Scan section is checked.
  6. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  7. Please post the contents of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the FRST.txt log file after fresh FRST scan
  3. Contents of the Addition.txt log file after fresh FRST scan
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5487
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

by jwdo » April 27th, 2024, 11:26 am

OK, I ran a fresh scan with 90 days checked and addition.txt checked, and here are the results of frst.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by Dave (administrator) on DAVE-PC (27-04-2024 08:07:27)
Running from C:\Users\Dave\Desktop\FRST64.exe
Loaded Profiles: Dave
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.863.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\89.0.2.0\crashpad_handler.exe
(C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe <6>
(C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\90.0.3.0\crashpad_handler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <8>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe
(explorer.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(services.exe ->) (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2403.5.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-28] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11551632 2024-04-24] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5109624 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [26066696 2024-03-14] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [6975864 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45380000 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11247648 2024-04-21] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [MicrosoftEdgeAutoLaunch_525658F00744E14F17037BCCD3CC786D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4082112 2024-04-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (No File)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [26066696 2024-03-14] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Print\Monitors\HP 0853 Status Monitor: C:\WINDOWS\system32\hpinksts0853LM.dll [476856 2019-03-15] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\WINDOWS\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 5000 series): C:\WINDOWS\system32\HPDiscoPM0853.dll [987040 2019-03-18] (HP Inc -> HP Inc.)
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\124.0.6367.79\Installer\chrmstp.exe [2024-04-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4B868A5A-309C-4B26-8510-45FEAEEBDD39} - System32\Tasks\{FD54965B-CC62-49DD-B566-0FB9EC51EB21} => C:\Windows\System32\pcalua.exe [53760 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Dave\Desktop\ENGLISH\Driver\Inst\ENGLISH\setup.exe -d C:\Users\Dave\Desktop\ENGLISH\Driver\Inst\ENGLISH
Task: {DFCD6C2B-3897-4B02-97C2-7AC16B827023} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {941B174E-0870-49FD-89D9-D12D31D41760} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {93BBBB91-41ED-40D4-AC8A-80E778716B1F} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-11-17] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {E88A9596-EE2F-4093-A61C-56FCA62C2893} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {415D11DF-2D38-47EC-8E0D-B72054A94B7F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "1e19de12-5a41-46bc-b82b-e4e77ac56060" --version "6.23.11010" --silent
Task: {0CCB9D4C-FA40-4825-B33F-C5914611F588} - System32\Tasks\CCleanerSkipUAC - Dave => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {DDD5A1FC-AEA1-42EE-AF98-2AEF1B1C866D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5656192 2024-04-11] (Microsoft Windows -> Microsoft Corporation)
Task: {7C9DEE41-1672-4E83-912D-AB0777438CF9} - System32\Tasks\Driver Booster Scheduler => "C:\Program Files (x86)\IObit\Driver Booster\11.0.0\Scheduler.exe" /scheduler (No File)
Task: {CD166542-F4D9-4FAC-812B-963A101BEE40} - System32\Tasks\Driver Booster SkipUAC (Dave) => "C:\Program Files (x86)\IObit\Driver Booster\11.0.0\DriverBooster.exe" /skipuac (No File)
Task: {1B36D84A-2374-42A4-97C9-E52C14743354} - System32\Tasks\Driver Booster Update => "C:\Program Files (x86)\IObit\Driver Booster\11.0.0\AutoUpdate.exe" /auto (No File)
Task: {6A375C80-2380-48EB-B719-CC2A21488DF8} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [4036480 2023-06-06] (Easeware Technology Limited -> Easeware) -> C:\Program Files\Easeware\DriverEasy\--scan
Task: {C5E29409-A453-4712-ADED-CE411BA4AA2C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
Task: {325E84FF-A85B-4A4C-B566-8E84D86A8297} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
Task: {610E51D6-F7F7-4400-BE57-322DC2436DA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-23] (Google Inc -> Google Inc.)
Task: {2DEA2A49-CA51-4E2A-8DDF-AE4FB144FD9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-23] (Google Inc -> Google Inc.)
Task: {2F40F489-3391-456A-AE87-7F2ED37ABE73} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [6854344 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions)
Task: {D82E3D48-16D1-433F-8335-57803A159015} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [6854344 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions)
Task: {3F877861-7CC3-4D44-B8BB-B21139C5195B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-07] (HP Inc. -> HP Inc.)
Task: {2E73767F-4AC5-4CAD-AA2E-6FA24787E7C8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-07] (HP Inc. -> HP Inc.)
Task: {8322D888-280B-466F-AD72-0CA25B41BC45} - System32\Tasks\HPCustPartic.exe_{A9B495E6-E826-4F50-97A5-032272AB3E58} => C:\Program Files\HP\HP ENVY 5000 series\Bin\HPCustPartic.exe [6666840 2022-06-16] (HP Inc. -> HP Inc.)
Task: {1D0C96DD-8C6B-42BB-B762-1F164072629F} - System32\Tasks\HPCustParticipation HP ENVY 5000 series => C:\Program Files\HP\HP ENVY 5000 series\Bin\HPCustPartic.exe [6666840 2022-06-16] (HP Inc. -> HP Inc.)
Task: {493CA380-C4C0-4F5B-8E87-3E3736DA7106} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {67FEBD2C-00B8-4088-8722-C0E619675FFB} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => %windir%\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {096904DC-4194-4ECF-B773-68CAE46BA45A} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => %windir%\system32\sipnotify.exe -Daily (No File)
Task: {FD1AC3FB-F420-45A1-9C95-521055A59BC2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {5B28B241-5329-4026-A326-ADF510444C52} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {D57E5365-BB8B-471D-A7DA-CC1D6B58B7BB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {069BD4D8-2593-40CF-B3AE-E1292D13B17C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {2ABC0882-5F8B-4489-AFC2-2FCABB6CCFB6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {08EA6DBA-60B8-4BE3-B61D-30D0A234A9FA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {D796E70E-A3B2-498E-B46E-5FDCACF0571E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {4CACF05D-5EA3-4484-86C4-654473548659} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {7A071A03-0F85-4AB0-A056-D149DD8BBACA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {A3B3620B-494D-493A-88CB-AD136F949375} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {99456242-E155-4444-B6A1-2C2353B77678} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {2E9572EE-E4F6-4E7E-BF55-4E26494045F4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {E2FBF8C3-C68D-4E93-84E8-2366FD125899} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {FF5876C5-4EFB-49E8-9D80-1B89D2717DE3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {BB6E729F-9653-43F8-A5FB-02FD38E777E6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {92CEC713-5199-4946-9AAE-F610BD442836} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {5F36ADB3-20A9-454D-ADCD-E39E74EF675B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {9C61194E-54BF-4AE0-9FDA-39876A1DB0DF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {8190DCFC-256D-438E-98A5-9F1745933597} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {338ECEFE-E0EA-455E-9234-F71F36E78584} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {BDA8A301-B92B-492B-BAD2-75488FF18606} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {9369BBC8-4A57-4A67-A10B-1FE6A1A2C1C2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {500A976C-603C-42CF-91A0-2CE8A08066AA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F7CFD29-316A-4055-8288-33DE28F4A258} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {9ACB4B99-6459-4C3C-BC4C-53C4EAA21893} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {73ACFD01-D105-4D4F-9290-7DA6C7675159} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {EE0FE736-87AF-4B80-8DE9-FACC26A64EBE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {507785E3-6B72-4CF6-9AD5-BB36AA807E06} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34807CC3-8BD0-455F-A2D5-EEE6C14E770C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0481C891-69DB-4BE1-B215-CB75542F2DB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8FBF4108-1525-4D9D-AF78-22962B0BB15F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-11-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {177F6B9F-5D04-4E03-8C05-6624740BFD3C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-11-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {41ED38DF-BB53-494A-8034-49AA0AB13C30} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {777492D2-6149-4DE1-8A08-83EF445583E6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FFD823A-65CC-4D8C-A94D-5D747D65F82B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {20D17AF5-8FEF-4EE6-8848-BAFA6276989A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97E1C190-5DAA-40C3-9A62-3EB64613831C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {09021979-FAC0-4FF5-BBA0-05B0960506E0} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B694463C-A27B-4A9F-974E-5DF2DE13C6AD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {753BC523-A924-4E65-BFA2-0D2B75CDD1DF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FC122B3-712B-471F-AD11-D1C9E8C132E6} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5CDD4E97-AB3F-465C-A3F3-AE1D03CB1770} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4182419237-4015324695-3907471336-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {2E2132F2-F3AA-41A9-AA06-8744A399C049} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4182419237-4015324695-3907471336-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {8A36A838-4160-4129-A7F0-B6946B94849F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {65659F3C-E07D-400C-B2B6-DFA494F0AA60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B7AABF2A-BE29-4D72-B944-8833FF3ACA28} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {EAA67B9E-D7F7-4480-A88A-00F260B75845} - System32\Tasks\Software Update => C:\Program Files (x86)\Glarysoft\Software Update\Software Update.exe [1023384 2023-11-28] (Glarysoft Ltd -> Glarysoft Ltd)
Task: {1DBF6FE4-3581-4937-98B4-934241C099D7} - System32\Tasks\Systweak Software Updater AppUpdate Scheduler => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe [3786256 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak)
Task: {8A55307B-7731-448F-9DF9-73F3846F20D7} - System32\Tasks\Systweak Software Updater DBUpdate Scheduler => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe [3786256 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak)
Task: {B010E9C5-7CFC-4E16-A2ED-5E57EE95942A} - System32\Tasks\Systweak Software Updater Notifier => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe [3786256 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak)
Task: {1BE79A07-E15B-43A2-B073-2A8C4961274F} - System32\Tasks\Systweak Software UpdaterNotifier => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe [643600 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {8E3D182C-B0C2-41BD-B072-41360EE178FC} - System32\Tasks\Systweak Software UpdaterNotifier_startup => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe [643600 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {E8412613-E2EB-40DC-9CE4-89E79A23B3E6} - System32\Tasks\Systweak Software UpdaterNotifier_trigger => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe [643600 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {11B453D6-C9BA-4031-94DE-1AE4AB4FD297} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [18164424 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions GRUP SRL) -> C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\\-AUSCAN

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}: [DhcpDomain] home
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}\44166756: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EB5A33E1-62AA-4BF6-9C6D-6E67CAAB6B05}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB5A33E1-62AA-4BF6-9C6D-6E67CAAB6B05}: [DhcpDomain] home

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-27]
Edge Notifications: Default -> hxxps://djst.org
Edge HomePage: Default -> hxxp://google.com/
Edge StartupUrls: Default -> "hxxp://google.com/"
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-27]
Edge Extension: (Eno® from Capital One®) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2024-04-04]
Edge Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-01]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-11]
Edge Extension: (WOT Website Security & Privacy Protection) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iiclaphjclecagpkkaacljnpcppnoibi [2023-01-05]
Edge Extension: (Chrome Remote Desktop) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-01-05]
Edge Extension: (Edge relevant text changes) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]
Edge Extension: (Capital One Shopping: Save Now) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2024-04-23]
Edge Profile: C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2024-03-21]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: rvkvazm3.default-1674403214688
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\rvkvazm3.default-1674403214688 [2024-04-25]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-04-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2024-04-25]
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-23]
CHR Extension: (Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-23]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-23]
CHR Extension: (Sheets) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-26]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-26]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-04-25]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-04-27]
CHR Notifications: Profile 1 -> hxxps://www.hp.com; hxxps://www.youtube.com
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxp://google.com/"
CHR Extension: (WOT: Website Security & Safety Checker) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2024-04-14]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-04-01]
CHR Extension: (Foxit PDF Creator) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-09-26]
CHR Extension: (Eno® from Capital One®) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2024-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-07]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\System Profile [2024-04-25]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dave\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-11-09] (Apple Inc. -> Apple Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe [74016 2024-03-26] (Google LLC -> Google LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-04-24] (Dropbox, Inc -> Dropbox, Inc.)
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-25] (voidtools -> voidtools)
S3 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe [2366048 2023-04-17] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2438128 2023-11-11] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-07] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8884840 2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe [1274992 2023-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [829208 2024-03-14] (Plex, Inc. -> Plex, Inc.)
R2 Realtek92SU; C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe [40960 2009-02-05] (Realtek) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2737016 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4588408 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Dave\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2023-11-06] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2023-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2023-11-06] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2020-10-13] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49664 2022-07-15] (Microsoft Corporation) [File not signed]
R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-27 08:07 - 2024-04-27 08:10 - 000050159 _____ C:\Users\Dave\Desktop\FRST.txt
2024-04-27 07:14 - 2024-04-27 07:14 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-04-26 14:06 - 2024-04-26 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-04-26 08:47 - 2024-04-26 08:47 - 001609850 _____ C:\Users\Dave\Documents\bookmarks_4_26_24.html
2024-04-25 20:09 - 2024-04-25 20:09 - 000000008 _____ C:\ProgramData\ntuser.pol
2024-04-24 17:51 - 2024-04-24 17:51 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-04-24 16:31 - 2024-04-24 16:31 - 000002850 _____ C:\Users\Dave\Desktop\ckfiles.txt
2024-04-24 15:41 - 2024-04-24 15:42 - 000468480 _____ () C:\Users\Dave\Desktop\CKScanner.exe
2024-04-23 14:19 - 2024-04-22 16:48 - 002394112 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2024-04-23 14:03 - 2024-04-27 08:09 - 000000000 ____D C:\FRST
2024-04-22 08:14 - 2024-04-22 08:14 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4182419237-4015324695-3907471336-500
2024-04-22 08:13 - 2024-04-22 08:14 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4182419237-4015324695-3907471336-500
2024-04-22 08:13 - 2024-04-22 08:14 - 000002424 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-04-22 08:10 - 2024-04-22 08:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-04-22 08:07 - 2024-04-22 08:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2024-04-22 08:06 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2024-04-22 08:06 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\ansel
2024-04-22 08:05 - 2024-04-22 08:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2024-04-22 08:05 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\Malwarebytes
2024-04-22 08:05 - 2024-04-22 08:05 - 000002348 _____ C:\Users\Administrator\Desktop\Microsoft Edge.lnk
2024-04-22 08:05 - 2024-04-22 08:05 - 000002332 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ___RD C:\Users\Administrator\3D Objects
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\NVIDIA
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2024-04-22 08:04 - 2024-04-27 07:14 - 000002008 _____ C:\Users\Administrator\Desktop\Google Slides.lnk
2024-04-22 08:04 - 2024-04-27 07:14 - 000002008 _____ C:\Users\Administrator\Desktop\Google Sheets.lnk
2024-04-22 08:04 - 2024-04-27 07:14 - 000001996 _____ C:\Users\Administrator\Desktop\Google Docs.lnk
2024-04-22 08:04 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
2024-04-22 08:04 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2024-04-22 08:04 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2024-04-22 08:04 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2024-04-22 08:04 - 2024-04-22 08:04 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Protect
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Vault
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2024-04-22 08:04 - 2021-06-20 17:47 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Network
2024-04-22 08:04 - 2018-10-23 13:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2024-04-22 08:04 - 2009-07-14 00:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2024-04-22 08:03 - 2024-04-25 20:06 - 000000000 ____D C:\Users\Administrator
2024-04-22 08:03 - 2024-04-22 08:13 - 000000000 ___RD C:\Users\Administrator\OneDrive
2024-04-21 18:30 - 2024-04-21 18:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-21 10:30 - 2023-06-07 07:38 - 000455008 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20240421-103051.backup
2024-04-19 13:04 - 2024-04-19 13:12 - 000000000 ____D C:\Users\Dave\Downloads\Operating Systems
2024-04-19 11:57 - 2024-04-19 12:50 - 000000000 ____D C:\Users\Dave\Downloads\Virtual Machine
2024-04-19 11:04 - 2024-04-19 11:04 - 000000000 ____D C:\ProgramData\obs-studio-hook
2024-04-19 11:04 - 2024-04-19 11:04 - 000000000 ____D C:\ProgramData\obs-studio
2024-04-19 11:03 - 2024-04-19 11:05 - 000000000 ____D C:\Users\Dave\AppData\Roaming\obs-studio
2024-04-18 08:38 - 2024-04-19 12:52 - 000000000 ____D C:\Users\Dave\Documents\Medical
2024-04-18 08:06 - 2024-04-18 08:06 - 001719622 _____ C:\Users\Dave\Downloads\ws_E_202407c.pdf
2024-04-18 08:05 - 2024-04-18 08:06 - 001719622 _____ C:\Users\Dave\Downloads\w_E_202407.pdf
2024-04-11 09:18 - 2024-04-11 09:18 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-11 09:17 - 2024-04-11 09:17 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-11 08:35 - 2024-04-11 08:35 - 000000000 ___HD C:\$WinREAgent
2024-04-08 08:32 - 2024-04-19 14:56 - 000000000 ____D C:\Users\Dave\Documents\Z Payments
2024-03-20 01:14 - 2024-03-20 01:14 - 000000000 ____D C:\ProgramData\Norton
2024-03-05 17:30 - 2024-03-05 17:30 - 000000000 ____D C:\Users\Dave\AppData\Local\Apple Inc
2024-03-05 17:14 - 2024-03-05 17:14 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2024-03-05 17:14 - 2024-03-05 17:14 - 000000000 ____D C:\Program Files\iTunes
2024-03-05 17:09 - 2024-03-05 17:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2024-03-05 17:09 - 2024-03-05 17:09 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2024-03-05 16:58 - 2024-03-05 16:58 - 000168596 ____H C:\WINDOWS\system32\mlfcache.dat
2024-03-05 15:45 - 2024-03-05 15:45 - 000000000 ____D C:\Users\Dave\Apple
2024-02-13 13:19 - 2024-02-13 13:19 - 000052036 _____ C:\Users\Dave\Documents\cc_20240213_121911.reg
2024-02-06 11:16 - 2024-02-06 11:16 - 001283506 _____ C:\Users\Dave\Downloads\3 May-Jun workbook.pdf

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-27 08:11 - 2021-12-17 10:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-27 08:11 - 2018-10-23 12:31 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-27 08:04 - 2021-07-31 13:59 - 000000000 ____D C:\Users\Dave\Documents\Test Folder
2024-04-27 07:58 - 2021-06-20 17:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-27 07:21 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-27 07:15 - 2020-04-20 21:04 - 000000000 ___RD C:\Users\Dave\Google Drive
2024-04-27 07:14 - 2021-09-20 18:54 - 000002008 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-04-27 07:14 - 2021-09-20 18:54 - 000002008 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-04-27 07:14 - 2021-09-20 18:54 - 000001996 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-04-27 07:08 - 2018-10-20 01:48 - 000000000 ___SD C:\Users\Dave\AppData\Roaming\Microsoft\Credentials
2024-04-26 14:07 - 2018-10-21 14:08 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Dropbox
2024-04-26 14:07 - 2018-10-21 14:01 - 000000000 ____D C:\Users\Dave\AppData\Local\Dropbox
2024-04-26 14:07 - 2018-10-21 14:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-04-26 14:06 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-26 14:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-26 12:25 - 2018-10-19 17:13 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-26 09:02 - 2023-06-08 16:00 - 000000000 _____ C:\Users\Dave\Documents\HPSmartPrintingPort
2024-04-26 09:02 - 2022-03-15 08:13 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Temp
2024-04-26 09:01 - 2021-06-20 17:41 - 000935286 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-26 09:01 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-26 08:59 - 2018-10-25 16:39 - 000000000 ____D C:\Users\Dave\Documents\Passwords
2024-04-26 08:58 - 2018-12-13 17:39 - 000000000 ____D C:\Users\Dave\AppData\Local\Plex Media Server
2024-04-26 08:57 - 2023-05-09 16:15 - 000000000 ____D C:\Users\Dave\AppData\Local\Malwarebytes
2024-04-26 08:57 - 2021-06-20 17:35 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-26 08:56 - 2021-06-20 17:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-26 08:55 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-26 08:55 - 2018-10-22 15:59 - 000000000 ____D C:\Users\Dave\AppData\Local\Everything
2024-04-26 08:55 - 2018-10-22 15:37 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Everything
2024-04-26 08:53 - 2021-06-21 12:39 - 000000000 ____D C:\Users\Dave\AppData\Roaming\FreeFileSync
2024-04-26 08:52 - 2018-10-21 14:12 - 000000000 ___RD C:\Users\Dave\Dropbox
2024-04-25 20:07 - 2021-06-20 17:42 - 000000000 ____D C:\Users\Dave
2024-04-25 19:59 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2024-04-25 19:59 - 2009-07-13 20:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-04-25 19:51 - 2019-01-02 14:34 - 000000000 ____D C:\Program Files (x86)\NirSoft
2024-04-25 19:48 - 2018-10-23 12:51 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Word
2024-04-24 16:17 - 2020-09-03 07:53 - 000000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2024-04-24 08:28 - 2018-12-23 10:45 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Excel
2024-04-23 11:08 - 2018-10-21 10:34 - 000000000 ____D C:\Users\Dave\Downloads\FixWindows Media Player
2024-04-22 16:36 - 2018-10-25 16:47 - 000000000 ____D C:\Users\Dave\Documents\Computer
2024-04-22 16:25 - 2018-10-21 10:35 - 000000000 ____D C:\Users\Dave\Downloads\Software analyzer_Updater
2024-04-22 16:25 - 2018-10-21 10:34 - 000000000 ____D C:\Users\Dave\Downloads\Anti-Keyloggers
2024-04-22 15:46 - 2018-10-25 10:23 - 000000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2024-04-22 14:24 - 2018-10-25 16:52 - 000000000 ____D C:\Users\Dave\Documents\Health
2024-04-22 08:11 - 2018-10-25 10:58 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-04-22 08:06 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-22 08:05 - 2021-06-20 17:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-04-21 18:52 - 2022-11-26 10:45 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-21 18:52 - 2022-07-08 12:34 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-04-21 18:51 - 2019-01-02 15:29 - 000000000 ____D C:\WINDOWS\pss
2024-04-21 18:29 - 2021-01-29 11:03 - 000000000 ____D C:\Program Files\CCleaner
2024-04-21 11:41 - 2021-06-23 08:11 - 000000000 ____D C:\Users\Dave\AppData\Local\D3DSCache
2024-04-21 11:40 - 2022-11-26 10:45 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-04-21 11:39 - 2021-06-20 17:52 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-04-21 11:36 - 2018-10-25 10:28 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2024-04-21 08:40 - 2018-10-25 10:33 - 000000000 ____D C:\ProgramData\TEMP
2024-04-21 08:40 - 2018-10-25 10:26 - 000000000 ____D C:\Users\Dave\Desktop\Virus and Spyware
2024-04-21 08:39 - 2018-10-25 10:33 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2024-04-20 15:38 - 2018-10-21 10:36 - 000000000 ____D C:\Users\Dave\Downloads\Word Processers
2024-04-19 16:09 - 2018-10-21 10:35 - 000000000 ____D C:\Users\Dave\Downloads\Screen capture & recording programs
2024-04-19 13:09 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Files -Folders
2024-04-19 10:18 - 2021-05-15 13:38 - 000000000 ___RD C:\Users\Dave\OneDrive
2024-04-19 09:39 - 2018-12-31 13:08 - 000000000 ___RD C:\Users\Dave\Desktop\Computer Analyzers
2024-04-19 09:38 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Computer Analyzers
2024-04-14 12:12 - 2021-06-20 17:52 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-12 03:23 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-11 10:39 - 2021-06-20 17:36 - 000458168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-11 10:36 - 2023-12-13 13:37 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-11 10:36 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-11 09:28 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-11 09:16 - 2021-06-20 17:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-10 17:21 - 2023-03-23 07:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-10 17:21 - 2018-10-23 16:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-10 10:42 - 2023-10-08 07:47 - 000022693 _____ C:\Users\Dave\Downloads\PH Territory # 61.xlsx
2024-04-10 09:39 - 2018-10-19 17:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-10 09:32 - 2018-10-19 17:12 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-10 08:33 - 2021-06-20 17:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-09 21:07 - 2018-10-25 16:42 - 000000000 ____D C:\Users\Dave\Documents\A Theocratic Items
2024-04-08 12:03 - 2021-06-21 12:39 - 000000000 ____D C:\Program Files\FreeFileSync
2024-04-08 12:02 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Backup and Cloud Software
2024-04-03 19:04 - 2021-06-20 17:52 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-03 19:04 - 2021-06-20 17:52 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-01 14:08 - 2023-08-04 09:59 - 000000000 ____D C:\Users\Dave\Documents\Password Protected Files
2024-04-01 11:21 - 2018-10-25 16:41 - 000000000 ____D C:\Users\Dave\Documents\Medicare

==================== Files in the root of some directories ========

2019-07-26 12:46 - 2020-03-21 15:28 - 001178624 _____ (CPUID) C:\Users\Dave\AppData\Roaming\siw_sdk.dll
2022-07-31 07:32 - 2022-07-31 07:32 - 000000423 _____ () C:\Users\Dave\AppData\Roaming\u_data.lgvnx
2022-09-28 09:11 - 2022-09-28 09:11 - 000004096 ____H () C:\Users\Dave\AppData\Local\keyfile3.drm
2021-03-29 18:12 - 2021-03-29 18:12 - 000000017 _____ () C:\Users\Dave\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
jwdo

Re: virus detected on windows defender

Post by jwdo » April 27th, 2024, 11:26 am

OK, I ran a fresh scan with 90 days checked and addition.txt checked, and here are the results of frst.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by Dave (administrator) on DAVE-PC (27-04-2024 08:07:27)
Running from C:\Users\Dave\Desktop\FRST64.exe
Loaded Profiles: Dave
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.863.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\89.0.2.0\crashpad_handler.exe
(C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe <6>
(C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\90.0.3.0\crashpad_handler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <8>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe
(explorer.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(services.exe ->) (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2403.5.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-28] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11551632 2024-04-24] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5109624 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [26066696 2024-03-14] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [6975864 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45380000 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11247648 2024-04-21] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [MicrosoftEdgeAutoLaunch_525658F00744E14F17037BCCD3CC786D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4082112 2024-04-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (No File)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [26066696 2024-03-14] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Print\Monitors\HP 0853 Status Monitor: C:\WINDOWS\system32\hpinksts0853LM.dll [476856 2019-03-15] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\WINDOWS\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 5000 series): C:\WINDOWS\system32\HPDiscoPM0853.dll [987040 2019-03-18] (HP Inc -> HP Inc.)
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\124.0.6367.79\Installer\chrmstp.exe [2024-04-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4B868A5A-309C-4B26-8510-45FEAEEBDD39} - System32\Tasks\{FD54965B-CC62-49DD-B566-0FB9EC51EB21} => C:\Windows\System32\pcalua.exe [53760 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Dave\Desktop\ENGLISH\Driver\Inst\ENGLISH\setup.exe -d C:\Users\Dave\Desktop\ENGLISH\Driver\Inst\ENGLISH
Task: {DFCD6C2B-3897-4B02-97C2-7AC16B827023} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {941B174E-0870-49FD-89D9-D12D31D41760} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {93BBBB91-41ED-40D4-AC8A-80E778716B1F} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-11-17] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {E88A9596-EE2F-4093-A61C-56FCA62C2893} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {415D11DF-2D38-47EC-8E0D-B72054A94B7F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "1e19de12-5a41-46bc-b82b-e4e77ac56060" --version "6.23.11010" --silent
Task: {0CCB9D4C-FA40-4825-B33F-C5914611F588} - System32\Tasks\CCleanerSkipUAC - Dave => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {DDD5A1FC-AEA1-42EE-AF98-2AEF1B1C866D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5656192 2024-04-11] (Microsoft Windows -> Microsoft Corporation)
Task: {7C9DEE41-1672-4E83-912D-AB0777438CF9} - System32\Tasks\Driver Booster Scheduler => "C:\Program Files (x86)\IObit\Driver Booster\11.0.0\Scheduler.exe" /scheduler (No File)
Task: {CD166542-F4D9-4FAC-812B-963A101BEE40} - System32\Tasks\Driver Booster SkipUAC (Dave) => "C:\Program Files (x86)\IObit\Driver Booster\11.0.0\DriverBooster.exe" /skipuac (No File)
Task: {1B36D84A-2374-42A4-97C9-E52C14743354} - System32\Tasks\Driver Booster Update => "C:\Program Files (x86)\IObit\Driver Booster\11.0.0\AutoUpdate.exe" /auto (No File)
Task: {6A375C80-2380-48EB-B719-CC2A21488DF8} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [4036480 2023-06-06] (Easeware Technology Limited -> Easeware) -> C:\Program Files\Easeware\DriverEasy\--scan
Task: {C5E29409-A453-4712-ADED-CE411BA4AA2C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
Task: {325E84FF-A85B-4A4C-B566-8E84D86A8297} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
Task: {610E51D6-F7F7-4400-BE57-322DC2436DA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-23] (Google Inc -> Google Inc.)
Task: {2DEA2A49-CA51-4E2A-8DDF-AE4FB144FD9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-23] (Google Inc -> Google Inc.)
Task: {2F40F489-3391-456A-AE87-7F2ED37ABE73} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [6854344 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions)
Task: {D82E3D48-16D1-433F-8335-57803A159015} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [6854344 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions)
Task: {3F877861-7CC3-4D44-B8BB-B21139C5195B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-07] (HP Inc. -> HP Inc.)
Task: {2E73767F-4AC5-4CAD-AA2E-6FA24787E7C8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-07] (HP Inc. -> HP Inc.)
Task: {8322D888-280B-466F-AD72-0CA25B41BC45} - System32\Tasks\HPCustPartic.exe_{A9B495E6-E826-4F50-97A5-032272AB3E58} => C:\Program Files\HP\HP ENVY 5000 series\Bin\HPCustPartic.exe [6666840 2022-06-16] (HP Inc. -> HP Inc.)
Task: {1D0C96DD-8C6B-42BB-B762-1F164072629F} - System32\Tasks\HPCustParticipation HP ENVY 5000 series => C:\Program Files\HP\HP ENVY 5000 series\Bin\HPCustPartic.exe [6666840 2022-06-16] (HP Inc. -> HP Inc.)
Task: {493CA380-C4C0-4F5B-8E87-3E3736DA7106} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {67FEBD2C-00B8-4088-8722-C0E619675FFB} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => %windir%\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {096904DC-4194-4ECF-B773-68CAE46BA45A} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => %windir%\system32\sipnotify.exe -Daily (No File)
Task: {FD1AC3FB-F420-45A1-9C95-521055A59BC2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {5B28B241-5329-4026-A326-ADF510444C52} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {D57E5365-BB8B-471D-A7DA-CC1D6B58B7BB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {069BD4D8-2593-40CF-B3AE-E1292D13B17C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {2ABC0882-5F8B-4489-AFC2-2FCABB6CCFB6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {08EA6DBA-60B8-4BE3-B61D-30D0A234A9FA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {D796E70E-A3B2-498E-B46E-5FDCACF0571E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {4CACF05D-5EA3-4484-86C4-654473548659} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {7A071A03-0F85-4AB0-A056-D149DD8BBACA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {A3B3620B-494D-493A-88CB-AD136F949375} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {99456242-E155-4444-B6A1-2C2353B77678} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {2E9572EE-E4F6-4E7E-BF55-4E26494045F4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {E2FBF8C3-C68D-4E93-84E8-2366FD125899} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {FF5876C5-4EFB-49E8-9D80-1B89D2717DE3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {BB6E729F-9653-43F8-A5FB-02FD38E777E6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {92CEC713-5199-4946-9AAE-F610BD442836} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {5F36ADB3-20A9-454D-ADCD-E39E74EF675B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {9C61194E-54BF-4AE0-9FDA-39876A1DB0DF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {8190DCFC-256D-438E-98A5-9F1745933597} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {338ECEFE-E0EA-455E-9234-F71F36E78584} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {BDA8A301-B92B-492B-BAD2-75488FF18606} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {9369BBC8-4A57-4A67-A10B-1FE6A1A2C1C2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {500A976C-603C-42CF-91A0-2CE8A08066AA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F7CFD29-316A-4055-8288-33DE28F4A258} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {9ACB4B99-6459-4C3C-BC4C-53C4EAA21893} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {73ACFD01-D105-4D4F-9290-7DA6C7675159} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {EE0FE736-87AF-4B80-8DE9-FACC26A64EBE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {507785E3-6B72-4CF6-9AD5-BB36AA807E06} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34807CC3-8BD0-455F-A2D5-EEE6C14E770C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0481C891-69DB-4BE1-B215-CB75542F2DB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8FBF4108-1525-4D9D-AF78-22962B0BB15F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-11-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {177F6B9F-5D04-4E03-8C05-6624740BFD3C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-11-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {41ED38DF-BB53-494A-8034-49AA0AB13C30} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {777492D2-6149-4DE1-8A08-83EF445583E6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FFD823A-65CC-4D8C-A94D-5D747D65F82B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {20D17AF5-8FEF-4EE6-8848-BAFA6276989A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97E1C190-5DAA-40C3-9A62-3EB64613831C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {09021979-FAC0-4FF5-BBA0-05B0960506E0} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B694463C-A27B-4A9F-974E-5DF2DE13C6AD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {753BC523-A924-4E65-BFA2-0D2B75CDD1DF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FC122B3-712B-471F-AD11-D1C9E8C132E6} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5CDD4E97-AB3F-465C-A3F3-AE1D03CB1770} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4182419237-4015324695-3907471336-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {2E2132F2-F3AA-41A9-AA06-8744A399C049} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4182419237-4015324695-3907471336-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {8A36A838-4160-4129-A7F0-B6946B94849F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {65659F3C-E07D-400C-B2B6-DFA494F0AA60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B7AABF2A-BE29-4D72-B944-8833FF3ACA28} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {EAA67B9E-D7F7-4480-A88A-00F260B75845} - System32\Tasks\Software Update => C:\Program Files (x86)\Glarysoft\Software Update\Software Update.exe [1023384 2023-11-28] (Glarysoft Ltd -> Glarysoft Ltd)
Task: {1DBF6FE4-3581-4937-98B4-934241C099D7} - System32\Tasks\Systweak Software Updater AppUpdate Scheduler => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe [3786256 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak)
Task: {8A55307B-7731-448F-9DF9-73F3846F20D7} - System32\Tasks\Systweak Software Updater DBUpdate Scheduler => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe [3786256 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak)
Task: {B010E9C5-7CFC-4E16-A2ED-5E57EE95942A} - System32\Tasks\Systweak Software Updater Notifier => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe [3786256 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak)
Task: {1BE79A07-E15B-43A2-B073-2A8C4961274F} - System32\Tasks\Systweak Software UpdaterNotifier => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe [643600 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {8E3D182C-B0C2-41BD-B072-41360EE178FC} - System32\Tasks\Systweak Software UpdaterNotifier_startup => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe [643600 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {E8412613-E2EB-40DC-9CE4-89E79A23B3E6} - System32\Tasks\Systweak Software UpdaterNotifier_trigger => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe [643600 2022-03-03] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {11B453D6-C9BA-4031-94DE-1AE4AB4FD297} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [18164424 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions GRUP SRL) -> C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\\-AUSCAN

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}: [DhcpDomain] home
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}\44166756: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EB5A33E1-62AA-4BF6-9C6D-6E67CAAB6B05}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB5A33E1-62AA-4BF6-9C6D-6E67CAAB6B05}: [DhcpDomain] home

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-27]
Edge Notifications: Default -> hxxps://djst.org
Edge HomePage: Default -> hxxp://google.com/
Edge StartupUrls: Default -> "hxxp://google.com/"
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-27]
Edge Extension: (Eno® from Capital One®) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2024-04-04]
Edge Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-01]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-11]
Edge Extension: (WOT Website Security & Privacy Protection) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iiclaphjclecagpkkaacljnpcppnoibi [2023-01-05]
Edge Extension: (Chrome Remote Desktop) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-01-05]
Edge Extension: (Edge relevant text changes) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]
Edge Extension: (Capital One Shopping: Save Now) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2024-04-23]
Edge Profile: C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2024-03-21]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: rvkvazm3.default-1674403214688
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\rvkvazm3.default-1674403214688 [2024-04-25]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-04-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2024-04-25]
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-23]
CHR Extension: (Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-23]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-23]
CHR Extension: (Sheets) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-26]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-26]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-04-25]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-04-27]
CHR Notifications: Profile 1 -> hxxps://www.hp.com; hxxps://www.youtube.com
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxp://google.com/"
CHR Extension: (WOT: Website Security & Safety Checker) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2024-04-14]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-04-01]
CHR Extension: (Foxit PDF Creator) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-09-26]
CHR Extension: (Eno® from Capital One®) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2024-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-07]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\System Profile [2024-04-25]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dave\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-11-09] (Apple Inc. -> Apple Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe [74016 2024-03-26] (Google LLC -> Google LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-04-24] (Dropbox, Inc -> Dropbox, Inc.)
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-25] (voidtools -> voidtools)
S3 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe [2366048 2023-04-17] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2438128 2023-11-11] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-07] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8884840 2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe [1274992 2023-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [829208 2024-03-14] (Plex, Inc. -> Plex, Inc.)
R2 Realtek92SU; C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe [40960 2009-02-05] (Realtek) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2737016 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4588408 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Dave\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2023-11-06] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2023-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2023-11-06] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2020-10-13] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49664 2022-07-15] (Microsoft Corporation) [File not signed]
R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-27 08:07 - 2024-04-27 08:10 - 000050159 _____ C:\Users\Dave\Desktop\FRST.txt
2024-04-27 07:14 - 2024-04-27 07:14 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-04-26 14:06 - 2024-04-26 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-04-26 08:47 - 2024-04-26 08:47 - 001609850 _____ C:\Users\Dave\Documents\bookmarks_4_26_24.html
2024-04-25 20:09 - 2024-04-25 20:09 - 000000008 _____ C:\ProgramData\ntuser.pol
2024-04-24 17:51 - 2024-04-24 17:51 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-04-24 16:31 - 2024-04-24 16:31 - 000002850 _____ C:\Users\Dave\Desktop\ckfiles.txt
2024-04-24 15:41 - 2024-04-24 15:42 - 000468480 _____ () C:\Users\Dave\Desktop\CKScanner.exe
2024-04-23 14:19 - 2024-04-22 16:48 - 002394112 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2024-04-23 14:03 - 2024-04-27 08:09 - 000000000 ____D C:\FRST
2024-04-22 08:14 - 2024-04-22 08:14 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4182419237-4015324695-3907471336-500
2024-04-22 08:13 - 2024-04-22 08:14 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4182419237-4015324695-3907471336-500
2024-04-22 08:13 - 2024-04-22 08:14 - 000002424 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-04-22 08:10 - 2024-04-22 08:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-04-22 08:07 - 2024-04-22 08:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2024-04-22 08:06 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2024-04-22 08:06 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\ansel
2024-04-22 08:05 - 2024-04-22 08:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2024-04-22 08:05 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\Malwarebytes
2024-04-22 08:05 - 2024-04-22 08:05 - 000002348 _____ C:\Users\Administrator\Desktop\Microsoft Edge.lnk
2024-04-22 08:05 - 2024-04-22 08:05 - 000002332 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ___RD C:\Users\Administrator\3D Objects
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\NVIDIA
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2024-04-22 08:04 - 2024-04-27 07:14 - 000002008 _____ C:\Users\Administrator\Desktop\Google Slides.lnk
2024-04-22 08:04 - 2024-04-27 07:14 - 000002008 _____ C:\Users\Administrator\Desktop\Google Sheets.lnk
2024-04-22 08:04 - 2024-04-27 07:14 - 000001996 _____ C:\Users\Administrator\Desktop\Google Docs.lnk
2024-04-22 08:04 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
2024-04-22 08:04 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2024-04-22 08:04 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2024-04-22 08:04 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2024-04-22 08:04 - 2024-04-22 08:04 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Protect
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Vault
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2024-04-22 08:04 - 2021-06-20 17:47 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Network
2024-04-22 08:04 - 2018-10-23 13:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2024-04-22 08:04 - 2009-07-14 00:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2024-04-22 08:03 - 2024-04-25 20:06 - 000000000 ____D C:\Users\Administrator
2024-04-22 08:03 - 2024-04-22 08:13 - 000000000 ___RD C:\Users\Administrator\OneDrive
2024-04-21 18:30 - 2024-04-21 18:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-21 10:30 - 2023-06-07 07:38 - 000455008 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20240421-103051.backup
2024-04-19 13:04 - 2024-04-19 13:12 - 000000000 ____D C:\Users\Dave\Downloads\Operating Systems
2024-04-19 11:57 - 2024-04-19 12:50 - 000000000 ____D C:\Users\Dave\Downloads\Virtual Machine
2024-04-19 11:04 - 2024-04-19 11:04 - 000000000 ____D C:\ProgramData\obs-studio-hook
2024-04-19 11:04 - 2024-04-19 11:04 - 000000000 ____D C:\ProgramData\obs-studio
2024-04-19 11:03 - 2024-04-19 11:05 - 000000000 ____D C:\Users\Dave\AppData\Roaming\obs-studio
2024-04-18 08:38 - 2024-04-19 12:52 - 000000000 ____D C:\Users\Dave\Documents\Medical
2024-04-18 08:06 - 2024-04-18 08:06 - 001719622 _____ C:\Users\Dave\Downloads\ws_E_202407c.pdf
2024-04-18 08:05 - 2024-04-18 08:06 - 001719622 _____ C:\Users\Dave\Downloads\w_E_202407.pdf
2024-04-11 09:18 - 2024-04-11 09:18 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-11 09:17 - 2024-04-11 09:17 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-11 08:35 - 2024-04-11 08:35 - 000000000 ___HD C:\$WinREAgent
2024-04-08 08:32 - 2024-04-19 14:56 - 000000000 ____D C:\Users\Dave\Documents\Z Payments
2024-03-20 01:14 - 2024-03-20 01:14 - 000000000 ____D C:\ProgramData\Norton
2024-03-05 17:30 - 2024-03-05 17:30 - 000000000 ____D C:\Users\Dave\AppData\Local\Apple Inc
2024-03-05 17:14 - 2024-03-05 17:14 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2024-03-05 17:14 - 2024-03-05 17:14 - 000000000 ____D C:\Program Files\iTunes
2024-03-05 17:09 - 2024-03-05 17:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2024-03-05 17:09 - 2024-03-05 17:09 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2024-03-05 16:58 - 2024-03-05 16:58 - 000168596 ____H C:\WINDOWS\system32\mlfcache.dat
2024-03-05 15:45 - 2024-03-05 15:45 - 000000000 ____D C:\Users\Dave\Apple
2024-02-13 13:19 - 2024-02-13 13:19 - 000052036 _____ C:\Users\Dave\Documents\cc_20240213_121911.reg
2024-02-06 11:16 - 2024-02-06 11:16 - 001283506 _____ C:\Users\Dave\Downloads\3 May-Jun workbook.pdf

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-27 08:11 - 2021-12-17 10:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-27 08:11 - 2018-10-23 12:31 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-27 08:04 - 2021-07-31 13:59 - 000000000 ____D C:\Users\Dave\Documents\Test Folder
2024-04-27 07:58 - 2021-06-20 17:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-27 07:21 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-27 07:15 - 2020-04-20 21:04 - 000000000 ___RD C:\Users\Dave\Google Drive
2024-04-27 07:14 - 2021-09-20 18:54 - 000002008 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-04-27 07:14 - 2021-09-20 18:54 - 000002008 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-04-27 07:14 - 2021-09-20 18:54 - 000001996 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-04-27 07:08 - 2018-10-20 01:48 - 000000000 ___SD C:\Users\Dave\AppData\Roaming\Microsoft\Credentials
2024-04-26 14:07 - 2018-10-21 14:08 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Dropbox
2024-04-26 14:07 - 2018-10-21 14:01 - 000000000 ____D C:\Users\Dave\AppData\Local\Dropbox
2024-04-26 14:07 - 2018-10-21 14:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-04-26 14:06 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-26 14:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-26 12:25 - 2018-10-19 17:13 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-26 09:02 - 2023-06-08 16:00 - 000000000 _____ C:\Users\Dave\Documents\HPSmartPrintingPort
2024-04-26 09:02 - 2022-03-15 08:13 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Temp
2024-04-26 09:01 - 2021-06-20 17:41 - 000935286 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-26 09:01 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-26 08:59 - 2018-10-25 16:39 - 000000000 ____D C:\Users\Dave\Documents\Passwords
2024-04-26 08:58 - 2018-12-13 17:39 - 000000000 ____D C:\Users\Dave\AppData\Local\Plex Media Server
2024-04-26 08:57 - 2023-05-09 16:15 - 000000000 ____D C:\Users\Dave\AppData\Local\Malwarebytes
2024-04-26 08:57 - 2021-06-20 17:35 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-26 08:56 - 2021-06-20 17:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-26 08:55 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-26 08:55 - 2018-10-22 15:59 - 000000000 ____D C:\Users\Dave\AppData\Local\Everything
2024-04-26 08:55 - 2018-10-22 15:37 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Everything
2024-04-26 08:53 - 2021-06-21 12:39 - 000000000 ____D C:\Users\Dave\AppData\Roaming\FreeFileSync
2024-04-26 08:52 - 2018-10-21 14:12 - 000000000 ___RD C:\Users\Dave\Dropbox
2024-04-25 20:07 - 2021-06-20 17:42 - 000000000 ____D C:\Users\Dave
2024-04-25 19:59 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2024-04-25 19:59 - 2009-07-13 20:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-04-25 19:51 - 2019-01-02 14:34 - 000000000 ____D C:\Program Files (x86)\NirSoft
2024-04-25 19:48 - 2018-10-23 12:51 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Word
2024-04-24 16:17 - 2020-09-03 07:53 - 000000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2024-04-24 08:28 - 2018-12-23 10:45 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Excel
2024-04-23 11:08 - 2018-10-21 10:34 - 000000000 ____D C:\Users\Dave\Downloads\FixWindows Media Player
2024-04-22 16:36 - 2018-10-25 16:47 - 000000000 ____D C:\Users\Dave\Documents\Computer
2024-04-22 16:25 - 2018-10-21 10:35 - 000000000 ____D C:\Users\Dave\Downloads\Software analyzer_Updater
2024-04-22 16:25 - 2018-10-21 10:34 - 000000000 ____D C:\Users\Dave\Downloads\Anti-Keyloggers
2024-04-22 15:46 - 2018-10-25 10:23 - 000000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2024-04-22 14:24 - 2018-10-25 16:52 - 000000000 ____D C:\Users\Dave\Documents\Health
2024-04-22 08:11 - 2018-10-25 10:58 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-04-22 08:06 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-22 08:05 - 2021-06-20 17:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-04-21 18:52 - 2022-11-26 10:45 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-21 18:52 - 2022-07-08 12:34 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-04-21 18:51 - 2019-01-02 15:29 - 000000000 ____D C:\WINDOWS\pss
2024-04-21 18:29 - 2021-01-29 11:03 - 000000000 ____D C:\Program Files\CCleaner
2024-04-21 11:41 - 2021-06-23 08:11 - 000000000 ____D C:\Users\Dave\AppData\Local\D3DSCache
2024-04-21 11:40 - 2022-11-26 10:45 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-04-21 11:39 - 2021-06-20 17:52 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-04-21 11:36 - 2018-10-25 10:28 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2024-04-21 08:40 - 2018-10-25 10:33 - 000000000 ____D C:\ProgramData\TEMP
2024-04-21 08:40 - 2018-10-25 10:26 - 000000000 ____D C:\Users\Dave\Desktop\Virus and Spyware
2024-04-21 08:39 - 2018-10-25 10:33 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2024-04-20 15:38 - 2018-10-21 10:36 - 000000000 ____D C:\Users\Dave\Downloads\Word Processers
2024-04-19 16:09 - 2018-10-21 10:35 - 000000000 ____D C:\Users\Dave\Downloads\Screen capture & recording programs
2024-04-19 13:09 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Files -Folders
2024-04-19 10:18 - 2021-05-15 13:38 - 000000000 ___RD C:\Users\Dave\OneDrive
2024-04-19 09:39 - 2018-12-31 13:08 - 000000000 ___RD C:\Users\Dave\Desktop\Computer Analyzers
2024-04-19 09:38 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Computer Analyzers
2024-04-14 12:12 - 2021-06-20 17:52 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-12 03:23 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-11 10:39 - 2021-06-20 17:36 - 000458168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-11 10:36 - 2023-12-13 13:37 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-11 10:36 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-11 09:28 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-11 09:16 - 2021-06-20 17:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-10 17:21 - 2023-03-23 07:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-10 17:21 - 2018-10-23 16:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-10 10:42 - 2023-10-08 07:47 - 000022693 _____ C:\Users\Dave\Downloads\PH Territory # 61.xlsx
2024-04-10 09:39 - 2018-10-19 17:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-10 09:32 - 2018-10-19 17:12 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-10 08:33 - 2021-06-20 17:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-09 21:07 - 2018-10-25 16:42 - 000000000 ____D C:\Users\Dave\Documents\A Theocratic Items
2024-04-08 12:03 - 2021-06-21 12:39 - 000000000 ____D C:\Program Files\FreeFileSync
2024-04-08 12:02 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Backup and Cloud Software
2024-04-03 19:04 - 2021-06-20 17:52 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-03 19:04 - 2021-06-20 17:52 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-01 14:08 - 2023-08-04 09:59 - 000000000 ____D C:\Users\Dave\Documents\Password Protected Files
2024-04-01 11:21 - 2018-10-25 16:41 - 000000000 ____D C:\Users\Dave\Documents\Medicare

==================== Files in the root of some directories ========

2019-07-26 12:46 - 2020-03-21 15:28 - 001178624 _____ (CPUID) C:\Users\Dave\AppData\Roaming\siw_sdk.dll
2022-07-31 07:32 - 2022-07-31 07:32 - 000000423 _____ () C:\Users\Dave\AppData\Roaming\u_data.lgvnx
2022-09-28 09:11 - 2022-09-28 09:11 - 000004096 ____H () C:\Users\Dave\AppData\Local\keyfile3.drm
2021-03-29 18:12 - 2021-03-29 18:12 - 000000017 _____ () C:\Users\Dave\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Post by jwdo » April 27th, 2024, 11:28 am

And here are the results of addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by Dave (27-04-2024 08:12:34)
Running from C:\Users\Dave\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) (2021-06-21 00:53:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4182419237-4015324695-3907471336-500 - Administrator - Enabled) => C:\Users\Administrator
Dave (S-1-5-21-4182419237-4015324695-3907471336-1000 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-4182419237-4015324695-3907471336-503 - Limited - Disabled)
Guest (S-1-5-21-4182419237-4015324695-3907471336-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4182419237-4015324695-3907471336-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4182419237-4015324695-3907471336-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{2DC070EE-D256-4564-BC7C-A78085F22080}) (Version: 4.28.0.5600 - Open Media LLC)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20687 - Adobe)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.12 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 13 (HKLM-x32\...\AU11_is1) (Version: 13.26.0.68 - Innovative Solutions)
Airlink101 WLAN Monitor (HKLM-x32\...\{9C048189-055C-4a0c-A916-1D8C132455EB}) (Version: 1.01.0095 - REALTEK Semiconductor Corp.)
Amazon Kindle (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Amazon Kindle) (Version: 1.40.1.65535 - Amazon)
AOMEI Partition Assistant 10.2.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: 10.2.1 - AOMEI International Network Limited.)
Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED)
Apowersoft Online Launcher version 1.8.1 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.1 - APOWERSOFT LIMITED)
Apple Mobile Device Support (HKLM\...\{FA3D0F2D-BA1C-4462-B6B3-3048CFF464C7}) (Version: 17.0.0.28 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Ashampoo Driver Updater (HKLM\...\{0A11EA01-9351-AD68-8AFA-02337415E1F8}_is1) (Version: 1.6.1 - Ashampoo GmbH & Co. KG)
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader (HKLM\...\{AC76BA86-7AD7-0000-0000-BC16014E7500}) (Version: 22.001.20085 - Adobe Systems Incorporated)
Audacity 3.4.2 (HKLM\...\Audacity_is1) (Version: 3.4.2 - Audacity Team)
Avidemux VC++ 64bits (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{814f6cd2-0708-44fd-869c-24fd0c01dad9}) (Version: 2.7.8 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{b8aa1655-5339-4004-ab71-e69f55477cc8}) (Version: 2.8.1 - Mean)
Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
Bible Mapper 5 (HKLM-x32\...\{81CFDC81-A76D-4098-A8A8-D2BC21340D51}) (Version: 5.1 - BarrettWare)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.14.0.1061 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\BlueStacksServices) (Version: 3.0.2 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\BlueStacks X) (Version: 10.5.0.1016 - now.gg, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother HL-5250DN (HKLM-x32\...\{30DC4A13-6C77-4576-9D31-3C7B80847AAF}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 6.23 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{B3DF9767-C635-4558-A655-D586070E2CE3}) (Version: 124.0.6367.18 - Google LLC)
ClipGrab 3.9.7 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - The ClipGrab Project)
CrystalDiskInfo 9.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.1 - Crystal Dew World)
CrystalDiskMark 8.0.4c (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4c - Crystal Dew World)
Driver Easy 5.8.1 (HKLM\...\DriverEasy_is1) (Version: 5.8.1 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 197.4.7629 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.863.1 - Dropbox, Inc.) Hidden
e-Sword (HKLM-x32\...\{30589E5B-46DD-446F-B3DA-5D9F5AE5CC3E}) (Version: 13.00.0000 - Rick Meyers)
Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.5.1 - Sharpened Productions)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FilExile (HKLM-x32\...\{37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC}_is1) (Version: 3.00 - Bryan Carey)
Folder Size 4.9.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 4.9.0.0 - MindGems, Inc.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2023.3.0.23028 - Foxit Software Inc.)
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.1.1.1017 - Digital Wave Ltd)
Free Video Flip and Rotate (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
FreeFileSync (HKLM-x32\...\FreeFileSync_is1) (Version: 13.5 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.79 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 90.0.3.0 - Google LLC)
Hot Illustrations 1.0 (HKLM-x32\...\Hot Illustrations 1.0) (Version: - )
HP Dropbox Plugin (HKLM-x32\...\{71175310-91E7-49E9-A714-15151F839268}) (Version: 44.5.501.81934 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{1DE1A510-1B9F-409E-A586-34C6DB1EDF1F}) (Version: 44.5.0.0 - HP)
HP ENVY 5000 series Basic Device Software (HKLM\...\{51F12478-A80C-47F4-850F-B31D7DAF9365}) (Version: 44.11.2778.22166 - HP Inc.)
HP ENVY 5000 series Help (HKLM-x32\...\{B868134D-0D88-4973-BDD8-07E2522C9102}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{8202C130-5331-4FA4-9B94-CD5B7D595971}) (Version: 44.5.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{C7242B1F-50CF-4C88-92C0-6012281B0E72}) (Version: 44.5.501.81934 - HP)
HP OneDrive Plugin (HKLM-x32\...\{88B06412-906E-473D-B69B-71EB040F15F5}) (Version: 44.5.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP SharePoint Plugin (HKLM-x32\...\{C3547CAA-C272-4A32-9A53-358892E9026B}) (Version: 44.5.0.0 - HP)
HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 7.66 - Martin Malik, REALiX s.r.o.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Mailsware EML Converter Toolkit (HKLM-x32\...\Mailsware EML Converter Toolkit_is1) (Version: - Mailsware)
Malwarebytes version 4.6.12.323 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.12.323 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{2AA3C13E-0531-41B8-AE48-AE28C940A809}) (Version: 4.10.0209.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30153 (HKLM-x32\...\{e3aefa8b-a2ea-42b8-a384-95f2ff6df681}) (Version: 14.29.30153.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30153 (HKLM-x32\...\{F263DEED-F2D3-4AB2-9D1C-C47ED5AA8BFC}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30153 (HKLM-x32\...\{F3E4AF00-C81D-4253-B947-67DD661932EC}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 120.0 (x64 en-US)) (Version: 120.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0 - Mozilla)
Mp3tag v3.23 (HKLM-x32\...\Mp3tag) (Version: 3.23 - Florian Heidenreich)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 546.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Plex Media Server (HKLM-x32\...\{7520AAFB-1D48-487F-B935-FD7C5704F0C4}) (Version: 1.40.1227 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{78529c24-adb9-454f-aaa7-165c17c33375}) (Version: 1.40.1.8227 - Plex, Inc.)
Product Improvement Study for HP ENVY 5000 series (HKLM\...\{A3E4FE6D-D1E5-48DE-AF23-D37F3B3A2069}) (Version: 44.11.2778.22166 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScreenPal Web Launcher v3.0.2 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\ScreenPal v3 (WebLauncher)) (Version: - ScreenPal)
Software Update 6.63.0.63 (HKLM-x32\...\Software Update) (Version: 6.63.0.63 - Glarysoft Ltd)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.85.5 - Safer-Networking Ltd.)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Stopping Plex (HKLM-x32\...\{0296DFD3-2270-44C6-A797-5928F4DB8BA1}) (Version: 1.40.1227 - Plex, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1256 - SUPERAntiSpyware.com)
Systweak Software Updater (HKLM-x32\...\Systweak Software Updater_is1) (Version: 1.0.0.40303 - Systweak Software) <==== ATTENTION
TreeSize Free V4.7.1 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.7.1 - JAM Software)
TunesBro ScreenGeeker (HKLM-x32\...\TunesBro ScreenGeeker_is1) (Version: 4.7.2 - TunesBro ScreenGeeker)
UCheck version 5.0.5.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 5.0.5.0 - Adlice Software)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.2.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Watchtower Library - English (HKLM-x32\...\{1D72ED8E-EA0F-4AE3-BBC5-2EC55FA5649F}) (Version: 18.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Web Launch Recorder (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WebLaunchRecorder) (Version: 2.0 - )
WhatsApp (Outdated) (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WhatsApp) (Version: 2.2326.10 - WhatsApp)
WinDirStat 1.1.2 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WinDirStat) (Version: - )
Windows Driver Package - Hewlett-Packard USB (09/08/2015 1.0.0.1) (HKLM\...\C9EDF507DA1B23454B1BF10495C79A1C34ADD79F) (Version: 09/08/2015 1.0.0.1 - Hewlett-Packard)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
WinX YouTube Downloader (HKLM-x32\...\WinX YouTube Downloader) (Version: 6.5 - Digiarty, Inc.)
WordWeb (HKLM-x32\...\WordWeb) (Version: 9 - WordWeb Software)
Zoom (64-bit) (HKLM\...\{3B21D66C-F004-4CC5-8DCD-0BC9F66515AC}) (Version: 5.16.26186 - Zoom)
Zoom Outlook Plugin (HKLM-x32\...\{6FB428F1-BEAC-41DE-A15C-24EDFD4C503B}) (Version: 5.15.5 - Zoom)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.931.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2024-04-26] (Dropbox Inc.)
File Analyzer -> C:\Program Files\WindowsApps\BitberrySoftware.FileAnalyzer_2.0.0.0_x64__2js97y2b9kjke [2021-07-05] (Bitberry Software)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-04-22] (HP Inc.)
JW Library -> C:\Program Files\WindowsApps\WatchtowerBibleandTractSo.45909CDBADF3C_14.3.37.0_x64__5rz59y55nfz3e [2024-04-09] (Watchtower Bible and Tract Society of New York)
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-23] (Microsoft Corporation)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.5.2130.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Studios) [MS Ad]
NetBenefits by Fidelity -> C:\Program Files\WindowsApps\FidelityInvestments.NetBenefitsbyFidelity_2.7.4.0_x64__b03vwwp8y0xw6 [2022-10-24] (Fidelity Investments)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-24] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Corporation)
Photos Opener For Win10 -> C:\Program Files\WindowsApps\38526MediaLife.PhotosOpenerForWin10_0.0.14.0_x64__1crh1k73ty8mg [2023-02-23] (Media Life)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-03-21] (Adobe Systems Incorporated)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2414.8.0_x64__cv1g1gvanyjgm [2024-04-12] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Dave\Dropbox [2018-10-21 14:12]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers1: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> [CC]{B7056B8E-4F99-44f8-8CBD-282390FE5428} => -> No File
ContextMenuHandlers2: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [VirtualCloneDrive] -> [CC]{B7056B8E-4F99-44f8-8CBD-282390FE5428} => -> No File
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers4: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\nvshext.dll [2023-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dave\Documents\WDD 2TB External Drive\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader
ShortcutWithArgument: C:\Users\Dave\Desktop\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\bbbf3001ec3bcba0\Honey.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=bmnlcjabgnpnenekpadlanbbkooimhnj
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Dave - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2024-03-21 13:29 - 2024-03-21 13:29 - 000433664 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\aac_decoder.dll
2024-04-12 02:07 - 2024-04-12 02:07 - 000251392 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\adpcm_ima_wav_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000573952 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\flv_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 001803776 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\h264_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 002366464 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\libx264_encoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000329216 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\mp3_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000349696 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\vp6f_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000308224 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmapro_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000318976 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmav2_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 001045504 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmv3_decoder.dll
2023-03-16 09:51 - 2008-08-25 18:29 - 000131072 _____ () [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\EnumDevLib.dll
2024-02-17 13:53 - 2023-06-20 01:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2023-03-16 09:51 - 2009-06-26 11:45 - 000405504 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlLib.dll
2023-03-16 09:51 - 2008-12-30 20:15 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\IpLib.dll
2023-03-16 09:51 - 2008-10-22 23:59 - 000036864 _____ (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlICS.dll
2022-06-25 20:21 - 2022-12-28 21:28 - 001111883 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2023-03-16 09:51 - 2006-07-05 06:45 - 001069056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dave\Desktop\Bible Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Cloud Drives:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Computer Analyzers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Delete Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Printers:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: No Name -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - No Name - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2022-11-10] (Belarc, Inc. -> Belarc, Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7942 more sites.

IE trusted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\webcompanion.com -> hxxp://webcompanion.com

There are 12764 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2024-04-25 19:59 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2021-11-03 09:06 - 2021-11-07 16:32 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4630 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4630 series.lnk.Startup
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\StartupApproved\Run: => "msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "WordWeb"
HKLM\...\StartupApproved\Run32: => "ccleaner_update_helper"
HKLM\...\StartupApproved\Run32: => "Phantom_Sl"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "ScreenPal Tray"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "zoommsirepair"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2A6A7E66-B661-4CA8-93CB-E96B4A1AFBB7}] => (Allow) C:\Users\Dave\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{F83C9504-1877-4912-82DB-11926AB87C83}] => (Allow) C:\Users\Dave\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{C4DC6348-E807-4ABB-BD20-AACB61E80500}] => (Allow) LPort=1542
FirewallRules: [{208AF573-BE28-4E95-A6D3-8AEF0FF60EDD}] => (Allow) LPort=1542
FirewallRules: [{84350FCF-EF17-46F7-956D-20BFC368320C}] => (Allow) LPort=53
FirewallRules: [{1CB6E0A9-E373-4F3A-82B9-10BB28C2AB37}] => (Allow) LPort=67
FirewallRules: [{6070DC05-2544-401F-8FAA-285C178BEE2A}] => (Allow) LPort=68
FirewallRules: [{B4B75405-0140-4EDB-B119-F1DA096A3D8F}] => (Allow) LPort=53
FirewallRules: [{08FD6269-34C2-471E-AA03-326617561659}] => (Allow) LPort=53
FirewallRules: [{06825C83-97D2-4D96-9BE3-28D8738E7CC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CA393C37-E4A8-49E9-8787-BF8146BF6530}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16112538-B5E9-46ED-BC63-A8327BE96DEC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9250A9F4-2B06-40A4-98E3-A6729E327A7D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{79C3D286-1A90-45DB-A0FE-9052E57F7F4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AC8F9981-076B-4EA0-AD19-C0250808AB87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{88A6FDBE-3EA3-4C38-B4D0-8EBA5908A0AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1B091F3-38CF-4673-987B-5D9DFBB66D36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{77B49CCA-03B9-4C4A-BCBE-5B18557697A6}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{ED28603C-50AC-457E-80E9-DFBD1BE7F501}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{73E196CD-3D99-43EB-9449-FDFBC2A13295}] => (Allow) C:\Program Files\HP\HP ENVY 5000 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{C8F7665F-46E8-4949-B3EA-1D76AA5A4E6B}] => (Allow) LPort=5357
FirewallRules: [{E342539B-1B56-44E9-ABFC-773AE547002D}] => (Allow) C:\Program Files\HP\HP ENVY 5000 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [TCP Query User{8705D7EB-235E-4E81-9F79-DDB4CC428A75}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{58D2BA04-1E9D-4BAD-A7F8-E686E310E7C0}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{8BAC9B53-CDA2-4CC1-9BA0-40942CE0D73E}] => (Allow) C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{D740010D-760B-4D4C-A1EF-42DFC0C31B09}] => (Allow) C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [TCP Query User{2A5BF589-B354-4D38-B9F0-2D2BA3972CC4}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Block) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{04578443-87F6-4444-BDEF-D9B65E1A0E71}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [{61C696E3-ED96-43FC-95E4-22F3D1A44464}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5E2ACE65-9DFF-4837-8EB0-80B58389376F}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3E0E847F-F555-43CD-A185-4302484318BF}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{67DA6AD9-6D51-4FD8-8241-047C4C4F22B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5FCAAC17-11E0-4AC2-B9AA-14F5C1F54BBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{862EB840-8DDB-4FB5-A24E-7CE4D6568D61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{601EB090-0857-4407-AFE4-61B955AD83EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E0906719-8799-4CF2-842B-9D1F393C2583}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{27DBA9F3-0C77-404D-ADB4-9EDC6C79167F}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{9EB5F25F-2982-45D6-9DD8-837E603E181D}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{F29A37E5-4F10-40AC-BFEA-7EF76F9539CF}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [{78FE9DB7-6112-448E-B681-8F691ED50798}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{00B49B27-3063-461B-B745-8BA82DEA3A19}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> )
FirewallRules: [{D6CBBFC4-DAE5-4EBB-88B4-3B1F091D8991}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{7FB6BC83-04C6-4647-811E-F1FFA25B3DAF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{DB999181-5AF6-4861-B446-D55FE904F5B5}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{D4AA9E83-A8C4-4906-A575-C68924DFC2BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56FBBD98-D940-43FB-9AB9-28FCAB8175A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B3813FD5-7028-45DE-A497-8EB6D1C49E80}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6EE382DC-3F42-49F7-A804-7EEC93C90B36}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0DC64D1E-47C5-452D-A951-8FBF440161FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0C2FFBA7-2EBB-43C6-8C48-A005487E3AF8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFA9FCD1-72E2-42C3-B11E-147F94B9D07F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{84A35D8A-E733-43DB-8F77-52F2B5346769}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

19-04-2024 14:26:43 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/26/2024 02:07:38 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (04/26/2024 02:07:38 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (04/26/2024 02:07:38 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (04/26/2024 02:07:38 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (04/26/2024 02:07:36 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (04/26/2024 02:06:31 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (04/26/2024 02:06:30 PM) (Source: DbxSvc) (EventID: 322) (User: )
Description: Failed to get driver message: (-2147024890) The handle is invalid.

Error: (04/26/2024 02:06:30 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (04/26/2024 09:01:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (04/25/2024 08:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/25/2024 08:06:55 PM) (Source: DCOM) (EventID: 10010) (User: Dave-PC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (04/24/2024 03:25:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:03:11 PM on ‎4/‎24/‎2024 was unexpected.

Error: (04/22/2024 08:16:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (04/22/2024 08:16:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80248007: 9PB1QWVW0R95-Microsoft.WindowsAppRuntime.1.4.

Error: (04/21/2024 06:51:07 PM) (Source: DCOM) (EventID: 10005) (User: Dave-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/21/2024 06:50:33 PM) (Source: DCOM) (EventID: 10005) (User: Dave-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
================
Date: 2024-04-26 08:23:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-26 08:13:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-26 07:56:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-24 09:44:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-24 09:40:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2024-04-21 18:49:00
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-04-21 18:34:30
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-04-21 18:29:54
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-30 12:02:17
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.828.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2024-01-09 11:20:40
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.1841.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2024-04-27 08:16:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2024-04-27 08:10:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2024-04-27 08:08:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. FD 02/26/2016
Motherboard: Gigabyte Technology Co., Ltd. 970A-DS3P
Processor: AMD FX(tm)-8350 Eight-Core Processor
Percentage of memory in use: 58%
Total physical RAM: 8150.56 MB
Available physical RAM: 3410.41 MB
Total Virtual: 16342.56 MB
Available Virtual: 10205.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:564.99 GB) (Model: WDC WD1003FZEX-00K3CA0) NTFS
Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:11.52 GB) (Model: WDC WD1003FZEX-00K3CA0) FAT32

\\?\Volume{3f368315-d45d-11e8-8b54-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{62b55203-0000-0000-0000-30c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 62B55203)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=520 MB) - (Type=27)

==================== End of Addition.txt =======================
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

by pgmigg » April 27th, 2024, 4:31 pm

Well... let's continue.

First, we will run a new FRST-fix.

Please be patient during the fix and do not interfere... it may take some time to finish.

Step 1.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Hit your Windows Key + R to open a Run window
  4. Type Notepad then click OK
  5. This will open an empty Notepad document
  6. Copy/Paste the following into it (Don't include Code: Select All ) .....
Code: Select all
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

startpowershell:
Set-Service -Name "BITS" -StartupType Manual -Verbose
Set-Service -Name "Dhcp" -StartupType Automatic -Verbose
Set-Service -Name "EventLog" -StartupType Automatic -Verbose
Set-Service -Name "EventSystem" -StartupType Automatic -Verbose
Set-Service -Name "nsi" -StartupType Automatic -Verbose
Set-Service -Name "RasMan" -StartupType Manual -Verbose
Set-Service -Name "SDRSVC" -StartupType Manual -Verbose
Set-Service -Name "SstpSvc" -StartupType Manual -Verbose
Set-Service -Name "TrustedInstaller" -StartupType Manual -Verbose
Set-Service -Name "VSS" -StartupType Manual -Verbose
Set-Service -Name "Winmgmt" -StartupType Automatic -Verbose
Set-Service -Name "wuauserv" -StartupType Manual -Verbose

Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableEmailScanning $False -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -MAPSReporting Advanced -Force
Set-MpPreference -PUAProtection enabled -Force
Set-MpPreference -SignatureScheduleDay Everyday -Force
Set-MpPreference -DisableRemovableDriveScanning $false -Force
Set-MpPreference -SubmitSamplesConsent SendSafeSamples

Function Remove-all-windefend-excludes {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
}
Set-MpPreference -DisableAutoExclusions $true -Force
Remove-all-windefend-excludes
endpowershell:

ExportKey: HKCU\software\classes\ms-settings\shell\open\command
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
ExportKey: SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection

CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository
CMD: Winmgmt /resetrepository
CMD: winmgmt /resyncperf
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: sfc /scannow

Hosts:
RemoveProxy:
C:\WINDOWS\SysWOW64\*.tmp
C:\WINDOWS\System32\*.tmp
C:\Windows\SystemTemp\*.tmp
EmptyTemp:
End::

  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5487
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

by jwdo » April 27th, 2024, 7:43 pm

Here is fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by Dave (27-04-2024 16:12:06) Run:2
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

startpowershell:
Set-Service -Name "BITS" -StartupType Manual -Verbose
Set-Service -Name "Dhcp" -StartupType Automatic -Verbose
Set-Service -Name "EventLog" -StartupType Automatic -Verbose
Set-Service -Name "EventSystem" -StartupType Automatic -Verbose
Set-Service -Name "nsi" -StartupType Automatic -Verbose
Set-Service -Name "RasMan" -StartupType Manual -Verbose
Set-Service -Name "SDRSVC" -StartupType Manual -Verbose
Set-Service -Name "SstpSvc" -StartupType Manual -Verbose
Set-Service -Name "TrustedInstaller" -StartupType Manual -Verbose
Set-Service -Name "VSS" -StartupType Manual -Verbose
Set-Service -Name "Winmgmt" -StartupType Automatic -Verbose
Set-Service -Name "wuauserv" -StartupType Manual -Verbose

Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableEmailScanning $False -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -MAPSReporting Advanced -Force
Set-MpPreference -PUAProtection enabled -Force
Set-MpPreference -SignatureScheduleDay Everyday -Force
Set-MpPreference -DisableRemovableDriveScanning $false -Force
Set-MpPreference -SubmitSamplesConsent SendSafeSamples

Function Remove-all-windefend-excludes {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
}
Set-MpPreference -DisableAutoExclusions $true -Force
Remove-all-windefend-excludes
endpowershell:

ExportKey: HKCU\software\classes\ms-settings\shell\open\command
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
ExportKey: SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection

CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository
CMD: Winmgmt /resetrepository
CMD: winmgmt /resyncperf
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: sfc /scannow

Hosts:
RemoveProxy:
C:\WINDOWS\SysWOW64\*.tmp
C:\WINDOWS\System32\*.tmp
C:\Windows\SystemTemp\*.tmp
EmptyTemp:
End::
*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.

========= Powershell: =========


========= End of Powershell: =========

================== ExportKey: ===================

[HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\software\classes\ms-settings\shell\open\command]
"HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\software\classes\ms-settings\shell\open\command" => not found
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions]
"DisableAutoExclusions"="1"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\IpAddresses]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" => not found
================== ExportKey: ===================

[SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" => not found

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.



========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.



========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.



========= End of CMD: =========


========= netsh winhttp reset proxy =========


Current WinHTTP proxy settings:

Direct access (no proxy server).



========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.


========= End of CMD: =========


========= Winmgmt /salvagerepository =========

WMI repository is consistent


========= End of CMD: =========


========= Winmgmt /resetrepository =========

WMI repository reset failed
Error code: 0x8007041B
Facility: Win32
Description: A stop control has been sent to a service that other running services are dependent on.



========= End of CMD: =========


========= winmgmt /resyncperf =========

0

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2

========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========


========= sfc /scannow =========



Beginning system scan. This process will take some time.



Beginning verification phase of system scan.




Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at

windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

repairs, details are included in the log file provided by the /OFFLOGFILE flag.



========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4182419237-4015324695-3907471336-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4182419237-4015324695-3907471336-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== "C:\WINDOWS\SysWOW64\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\SysWOW64\*.tmp" ========


=========== "C:\WINDOWS\System32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\System32\*.tmp" ========


=========== "C:\Windows\SystemTemp\*.tmp" ==========

not found

========= End -> "C:\Windows\SystemTemp\*.tmp" ========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21129754 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 11499784 B
Edge => 0 B
Chrome => 180986679 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2340 B
Dave => 17529489 B
Administrator => 17529489 B

RecycleBin => 0 B
EmptyTemp: => 238.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:32:29 ====
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm
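
An added example (not part of the thread and not FRST's own code): a short Python triage pass over the fixlog format shown in the post above, listing the sections a reviewer would want to look at twice. The sample is an excerpt of that fixlog; the finding names and the `no-hive` rule (treating `not found` for a key path written without a root hive as inconclusive) are assumptions of this example.

```python
import re
from collections import namedtuple

# Excerpt of the fixlog posted above, trimmed to the sections of interest.
SAMPLE_FIXLOG = r'''
========= Powershell: =========


========= End of Powershell: =========

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" => not found
================== ExportKey: ===================

[SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" => not found

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= Winmgmt /resetrepository =========

WMI repository reset failed
Error code: 0x8007041B
Facility: Win32
Description: A stop control has been sent to a service that other running services are dependent on.

========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Error: Unable to rebuild performance counter setting from system backup store, error code is 2

========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========
'''

HEADER_RE = re.compile(r'^={3,}\s+(.+?)\s+={3,}\s*$')    # "===== title ====="
END_RE = re.compile(r'^End( of| ->)')                     # closing markers
FAILURE_RE = re.compile(r'\bfailed\b|^error\b', re.IGNORECASE)
HIVE_RE = re.compile(r'^(HKEY_|HKLM|HKCU|HKU|HKCR)', re.IGNORECASE)

Finding = namedtuple('Finding', 'section kind detail')


def split_sections(text):
    """Return [(title, [non-blank body lines])] in log order."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            title = header.group(1)
            # An "End of ..." header closes the section; any other header
            # opens a new one (ExportKey blocks may lack an end marker).
            current = None if END_RE.match(title) else (title, [])
            if current:
                sections.append(current)
        elif current is not None and line:
            current[1].append(line)
    return sections


def _errors(body):
    return [line for line in body if FAILURE_RE.search(line)]


def triage(text):
    """List the sections that deserve a second look, in log order."""
    sections = split_sections(text)
    findings = []
    for i, (title, body) in enumerate(sections):
        if title.lower().startswith('powershell') and not body:
            # Nothing was logged, so the log alone cannot confirm the
            # Set-Service / Set-MpPreference lines took effect.
            findings.append(Finding(title, 'no-output', 'script block logged nothing'))
            continue
        if title.startswith('ExportKey'):
            if any(line.endswith('=> not found') for line in body):
                key = body[0].strip('[]')
                # Assumption: without a root hive the lookup is inconclusive.
                kind = 'key-absent' if HIVE_RE.match(key) else 'no-hive'
                findings.append(Finding(title, kind, key))
            continue
        errors = _errors(body)
        if errors:
            # The fixlist repeats some commands; a clean later run of the
            # same command downgrades the earlier error.
            rerun_ok = any(t == title and not _errors(b) for t, b in sections[i + 1:])
            kind = 'recovered-on-rerun' if rerun_ok else 'failed'
            findings.append(Finding(title, kind, errors[0]))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_FIXLOG):
        print(f'{f.kind:20} {f.section}: {f.detail}')
```
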

Re: virus detected on windows defender

by pgmigg » April 27th, 2024, 9:32 pm

Very well - great job, jwdo!

Now please run the following tools to check your system for PUA/PUP/Adware.

Step 1.
Scan with Malwarebytes
  1. If you already have Malwarebytes Anti-Malware installed, then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  2. If you don't have Malwarebytes installed or if you don't run the newest version yet, please download it from here and install it.
  3. Once the MBAM dashboard opens, click on Settings (gear icon).
  4. Click on Security tab and make sure that all four Scan options are enabled.
  5. Close Settings and click on the Scan button on the dashboard.
  6. Once the scan is completed make sure you have it quarantine any detections it finds.
  7. If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  8. If there were detections then once the quarantine has completed, click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop and post me that log on your next reply.
  9. If the computer restarted to quarantine, you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, save the file as a Text file to your desktop and paste that log on your next reply.
  10. If Malwarebytes won't run, then please skip to the next step and let me know in your next reply that the scanner would not run.

Step 2.
Scan with AdwCleaner
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double-click to run it.
  3. Accept the End User License Agreement.
  4. Click Scan Now button.
  5. When finished, if items are found please click Next / Quarantine.
  6. Your PC may be rebooted; AdwCleaner will then open automatically.
  7. Click View Log File.
  8. AdwCleaner will open one log (AdwCleaner[Cxx].txt).
  9. Please paste the log to your next reply.

Step 3.
Scan with ESET
  1. Please download ESET and save it to your Desktop.
  2. It will start a download of "esetonlinescanner.exe". Save the file to the Desktop.
  3. Go to the saved file, and double click it to get it started.
  4. When presented with the initial ESET options, click on "Computer Scan".
  5. Next, when prompted by Windows, allow it to start by clicking Yes.
  6. When prompted for scan type, click on Full scan.
  7. Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  8. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
  9. You should ignore all prompts to get the ESET antivirus software program. (e.g. their standard program). You do not need to buy or get or install anything else.
  10. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  11. Click the blue “Save scan log” to save the log.
  12. If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  13. Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

Note: If you do need to do a File Restore from ESET please follow the directions below
[KB2915] Restore files quarantined by the ESET Online Scanner


Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the MBAM log file after Malwarebytes scan
  3. Contents of the AdwCleaner[Cxx].txt log file after AdwCleaner scan
  4. Contents of the ESET log file after ESET scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5487
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

by jwdo » April 28th, 2024, 11:18 am

Here is Malwarebytes text:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/27/24
Scan Time: 6:43 PM
Log File: c51a42ba-0500-11ef-a604-e0d55e78e764.json

-Software Information-
Version: 4.6.12.323
Components Version: 1.0.2309
Update Package Version: 1.0.83968
License: Free

-System Information-
OS: Windows 10 (Build 19045.4291)
CPU: x64
File System: NTFS
User: Dave-PC\Dave

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 295163
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 11 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

by jwdo » April 28th, 2024, 11:20 am

Here is AdwCleaner text:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-27-2024
# Duration: 00:00:07
# OS: Windows 10 (Build 19045.4291)
# Cleaned: 22
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\OSTotoSoft
Deleted C:\ProgramData\Qweb
Deleted C:\Users\Dave\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Dave\AppData\Roaming\Systweak

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

Deleted HKCU\Software\Classes\.bgl
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKCU\Software\systweak
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C9DEE41-1672-4E83-912D-AB0777438CF9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Systweak Software Updater_is1
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE
Deleted HKLM\Software\Wow6432Node\systweak
Deleted HKLM\Software\systweak
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

Deleted mehnejgknjfgfdmijlaloodhdgnbgdgn

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3565 octets] - [27/04/2024 19:07:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

by jwdo » April 28th, 2024, 11:21 am

Here is ESET text:
4/28/2024 7:54:47 AM
Scanned files: 652322
Detected files: 13
Cleaned files: 14
Total scan time 05:19:49
Scan status: Finished
C:\Program Files\Ashampoo\Ashampoo Driver Updater\ashpdu.exe a variant of MSIL/GT32SupportGeeks.AC potentially unwanted application cleaned by deleting

C:\Program Files (x86)\Systweak Software Updater\notifierlib.dll a variant of MSIL/Systweak.A potentially unwanted application cleaned by deleting

C:\Users\Dave\Documents\Computer\Product Keys\2 BackupWindowsKey.vbs VBS/HackTool.Agent.AI potentially unsafe application cleaned by deleting (after the next restart)

C:\Users\Dave\Documents\Computer\Product Keys\WindowsBackupKey.vbs VBS/HackTool.Agent.AI potentially unsafe application cleaned by deleting (after the next restart)

C:\Users\Dave\Documents\Computer\Windows\Product Keys\BackupWindowsKey.vbs VBS/HackTool.Agent.AI potentially unsafe application cleaned by deleting (after the next restart)

C:\Users\Dave\Downloads\backupwindowskey\BackupWindowsKey.vbs VBS/HackTool.Agent.AI potentially unsafe application cleaned by deleting

C:\Users\Dave\Downloads\Computer Analyzers\Speccy (good)\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting

C:\Users\Dave\Downloads\Drivers\Driver Updaters\06 ashampoo_driver_updater_1.6.1_sm.exe a variant of Win32/GT32SupportGeeks.O potentially unwanted application cleaned by deleting

C:\Users\Dave\Downloads\Music-Video-Text files\Video\Sav-Vid\save-vid-1.8.6.exe Win32/AllerUpdater.A potentially unwanted application cleaned by deleting

C:\Users\Dave\Downloads\Software analyzer_Updater\12 Updaters\11 systweak software update setupg_systweak-default.exe a variant of MSIL/Systweak.A potentially unwanted application cleaned by deleting

C:\Users\Dave\Downloads\Software analyzer_Updater\8 Updaters\04 systweak software update setupg_systweak-default.exe a variant of MSIL/Systweak.A potentially unwanted application cleaned by deleting

C:\Users\Dave\Downloads\Virtual Disk Drive\Daemon Tools\daemon4.30.4-lite.exe a variant of Win32/Adware.Toolbar.Shopper.AG application cleaned by deleting

C:\Users\Dave\Downloads\Virus and Spyware Removal Tools\jv16 PowerTools 2008\jv16pt_setup_hb.exe a variant of Win32/Macecraft.A potentially unwanted application cleaned by deleting
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

by jwdo » April 28th, 2024, 11:32 am

After a restart Windows Defender now says I have two viruses: PUIDIManaqger:Win32/OfferCore and PUABundler:Win32/PiriformBundler
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

by pgmigg » April 28th, 2024, 3:59 pm

Very well jwdo - you gave me a lot of information!
Let's continue...

Now I need a fresh FRST scan and FRST Registry search:

Step 1.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that the Addition.txt check box under the Optional Scan section is checked.
  5. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  6. Please post the content of both FRST.txt and Addition.txt in your next reply.

Step 2.
Registry Search with FRST64
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Copy/Paste the following line into the Search: box:
    OfferCore;PUABundler;PiriformBundler;PUIDIManaqger
  5. Press the Search Registry button. When finished, a log, SearchReg.txt, will be created and opened in Notepad.
  6. Please post the content of SearchReg.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the FRST.txt log file after the fresh FRST scan
  3. Contents of the Addition.txt log file after the fresh FRST scan
  4. Contents of the SearchReg.txt log file after the Registry Search by FRST
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5487
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Unread postby jwdo » April 28th, 2024, 7:15 pm

Here is the FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by Dave (administrator) on DAVE-PC (28-04-2024 15:32:46)
Running from C:\Users\Dave\Desktop\FRST64.exe
Loaded Profiles: Dave & Administrator
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.863.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\90.0.3.0\crashpad_handler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <8>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(services.exe ->) (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2403.5.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-28] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11551632 2024-04-24] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5109624 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [26066696 2024-03-14] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [6975864 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45380000 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11247648 2024-04-21] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Run: [MicrosoftEdgeAutoLaunch_525658F00744E14F17037BCCD3CC786D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4082112 2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (No File)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [26066696 2024-03-14] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Print\Monitors\HP 0853 Status Monitor: C:\WINDOWS\system32\hpinksts0853LM.dll [476856 2019-03-15] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\WINDOWS\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 5000 series): C:\WINDOWS\system32\HPDiscoPM0853.dll [987040 2019-03-18] (HP Inc -> HP Inc.)
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\124.0.6367.91\Installer\chrmstp.exe [2024-04-27] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4B868A5A-309C-4B26-8510-45FEAEEBDD39} - System32\Tasks\{FD54965B-CC62-49DD-B566-0FB9EC51EB21} => C:\Windows\System32\pcalua.exe [53760 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Dave\Desktop\ENGLISH\Driver\Inst\ENGLISH\setup.exe -d C:\Users\Dave\Desktop\ENGLISH\Driver\Inst\ENGLISH
Task: {DFCD6C2B-3897-4B02-97C2-7AC16B827023} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {941B174E-0870-49FD-89D9-D12D31D41760} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {93BBBB91-41ED-40D4-AC8A-80E778716B1F} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-11-17] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {E88A9596-EE2F-4093-A61C-56FCA62C2893} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {415D11DF-2D38-47EC-8E0D-B72054A94B7F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "1e19de12-5a41-46bc-b82b-e4e77ac56060" --version "6.23.11010" --silent
Task: {0CCB9D4C-FA40-4825-B33F-C5914611F588} - System32\Tasks\CCleanerSkipUAC - Dave => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {DDD5A1FC-AEA1-42EE-AF98-2AEF1B1C866D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5656192 2024-04-11] (Microsoft Windows -> Microsoft Corporation)
Task: {CD166542-F4D9-4FAC-812B-963A101BEE40} - System32\Tasks\Driver Booster SkipUAC (Dave) => "C:\Program Files (x86)\IObit\Driver Booster\11.0.0\DriverBooster.exe" /skipuac (No File)
Task: {1B36D84A-2374-42A4-97C9-E52C14743354} - System32\Tasks\Driver Booster Update => "C:\Program Files (x86)\IObit\Driver Booster\11.0.0\AutoUpdate.exe" /auto (No File)
Task: {6A375C80-2380-48EB-B719-CC2A21488DF8} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [4036480 2023-06-06] (Easeware Technology Limited -> Easeware) -> C:\Program Files\Easeware\DriverEasy\--scan
Task: {C5E29409-A453-4712-ADED-CE411BA4AA2C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
Task: {325E84FF-A85B-4A4C-B566-8E84D86A8297} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
Task: {610E51D6-F7F7-4400-BE57-322DC2436DA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-23] (Google Inc -> Google Inc.)
Task: {2DEA2A49-CA51-4E2A-8DDF-AE4FB144FD9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-23] (Google Inc -> Google Inc.)
Task: {2F40F489-3391-456A-AE87-7F2ED37ABE73} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [6854344 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions)
Task: {D82E3D48-16D1-433F-8335-57803A159015} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [6854344 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions)
Task: {3F877861-7CC3-4D44-B8BB-B21139C5195B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-07] (HP Inc. -> HP Inc.)
Task: {2E73767F-4AC5-4CAD-AA2E-6FA24787E7C8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-07] (HP Inc. -> HP Inc.)
Task: {8322D888-280B-466F-AD72-0CA25B41BC45} - System32\Tasks\HPCustPartic.exe_{A9B495E6-E826-4F50-97A5-032272AB3E58} => C:\Program Files\HP\HP ENVY 5000 series\Bin\HPCustPartic.exe [6666840 2022-06-16] (HP Inc. -> HP Inc.)
Task: {1D0C96DD-8C6B-42BB-B762-1F164072629F} - System32\Tasks\HPCustParticipation HP ENVY 5000 series => C:\Program Files\HP\HP ENVY 5000 series\Bin\HPCustPartic.exe [6666840 2022-06-16] (HP Inc. -> HP Inc.)
Task: {493CA380-C4C0-4F5B-8E87-3E3736DA7106} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {67FEBD2C-00B8-4088-8722-C0E619675FFB} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => %windir%\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {096904DC-4194-4ECF-B773-68CAE46BA45A} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => %windir%\system32\sipnotify.exe -Daily (No File)
Task: {FD1AC3FB-F420-45A1-9C95-521055A59BC2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {5B28B241-5329-4026-A326-ADF510444C52} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {D57E5365-BB8B-471D-A7DA-CC1D6B58B7BB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {069BD4D8-2593-40CF-B3AE-E1292D13B17C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {2ABC0882-5F8B-4489-AFC2-2FCABB6CCFB6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {08EA6DBA-60B8-4BE3-B61D-30D0A234A9FA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {D796E70E-A3B2-498E-B46E-5FDCACF0571E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {4CACF05D-5EA3-4484-86C4-654473548659} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {7A071A03-0F85-4AB0-A056-D149DD8BBACA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {A3B3620B-494D-493A-88CB-AD136F949375} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {99456242-E155-4444-B6A1-2C2353B77678} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {2E9572EE-E4F6-4E7E-BF55-4E26494045F4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {E2FBF8C3-C68D-4E93-84E8-2366FD125899} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {FF5876C5-4EFB-49E8-9D80-1B89D2717DE3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {BB6E729F-9653-43F8-A5FB-02FD38E777E6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {92CEC713-5199-4946-9AAE-F610BD442836} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {5F36ADB3-20A9-454D-ADCD-E39E74EF675B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {9C61194E-54BF-4AE0-9FDA-39876A1DB0DF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {8190DCFC-256D-438E-98A5-9F1745933597} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {338ECEFE-E0EA-455E-9234-F71F36E78584} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {BDA8A301-B92B-492B-BAD2-75488FF18606} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {9369BBC8-4A57-4A67-A10B-1FE6A1A2C1C2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {500A976C-603C-42CF-91A0-2CE8A08066AA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F7CFD29-316A-4055-8288-33DE28F4A258} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {9ACB4B99-6459-4C3C-BC4C-53C4EAA21893} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {73ACFD01-D105-4D4F-9290-7DA6C7675159} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {EE0FE736-87AF-4B80-8DE9-FACC26A64EBE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {507785E3-6B72-4CF6-9AD5-BB36AA807E06} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34807CC3-8BD0-455F-A2D5-EEE6C14E770C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B06297C-4AD8-4FB2-BFC4-739AAAC9BE2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Update => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0481C891-69DB-4BE1-B215-CB75542F2DB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8FBF4108-1525-4D9D-AF78-22962B0BB15F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-11-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {177F6B9F-5D04-4E03-8C05-6624740BFD3C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-11-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {41ED38DF-BB53-494A-8034-49AA0AB13C30} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {777492D2-6149-4DE1-8A08-83EF445583E6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FFD823A-65CC-4D8C-A94D-5D747D65F82B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {20D17AF5-8FEF-4EE6-8848-BAFA6276989A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97E1C190-5DAA-40C3-9A62-3EB64613831C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {09021979-FAC0-4FF5-BBA0-05B0960506E0} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B694463C-A27B-4A9F-974E-5DF2DE13C6AD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {753BC523-A924-4E65-BFA2-0D2B75CDD1DF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FC122B3-712B-471F-AD11-D1C9E8C132E6} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5CDD4E97-AB3F-465C-A3F3-AE1D03CB1770} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4182419237-4015324695-3907471336-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {2E2132F2-F3AA-41A9-AA06-8744A399C049} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4182419237-4015324695-3907471336-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {8A36A838-4160-4129-A7F0-B6946B94849F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {65659F3C-E07D-400C-B2B6-DFA494F0AA60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B7AABF2A-BE29-4D72-B944-8833FF3ACA28} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {EAA67B9E-D7F7-4480-A88A-00F260B75845} - System32\Tasks\Software Update => C:\Program Files (x86)\Glarysoft\Software Update\Software Update.exe [1023384 2023-11-28] (Glarysoft Ltd -> Glarysoft Ltd)
Task: {1DBF6FE4-3581-4937-98B4-934241C099D7} - System32\Tasks\Systweak Software Updater AppUpdate Scheduler => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe updatecheck (No File)
Task: {8A55307B-7731-448F-9DF9-73F3846F20D7} - System32\Tasks\Systweak Software Updater DBUpdate Scheduler => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe SSU_DBUpdate (No File)
Task: {B010E9C5-7CFC-4E16-A2ED-5E57EE95942A} - System32\Tasks\Systweak Software Updater Notifier => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe ssu_notifiernag (No File)
Task: {1BE79A07-E15B-43A2-B073-2A8C4961274F} - System32\Tasks\Systweak Software UpdaterNotifier => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe neweventtrigger (No File)
Task: {8E3D182C-B0C2-41BD-B072-41360EE178FC} - System32\Tasks\Systweak Software UpdaterNotifier_startup => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe startup (No File)
Task: {E8412613-E2EB-40DC-9CE4-89E79A23B3E6} - System32\Tasks\Systweak Software UpdaterNotifier_trigger => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe startup neweventtrigger (No File)
Task: {11B453D6-C9BA-4031-94DE-1AE4AB4FD297} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [18164424 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions GRUP SRL) -> C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\\-AUSCAN

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}: [DhcpDomain] home
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}\44166756: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EB5A33E1-62AA-4BF6-9C6D-6E67CAAB6B05}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB5A33E1-62AA-4BF6-9C6D-6E67CAAB6B05}: [DhcpDomain] home

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-28]
Edge Notifications: Default -> hxxps://djst.org
Edge HomePage: Default -> hxxp://google.com/
Edge StartupUrls: Default -> "hxxp://google.com/"
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-27]
Edge Extension: (Eno® from Capital One®) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2024-04-04]
Edge Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-01]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-11]
Edge Extension: (WOT Website Security & Privacy Protection) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iiclaphjclecagpkkaacljnpcppnoibi [2023-01-05]
Edge Extension: (Chrome Remote Desktop) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-01-05]
Edge Extension: (Edge relevant text changes) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]
Edge Extension: (Capital One Shopping: Save Now) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2024-04-23]
Edge Profile: C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2024-03-21]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: rvkvazm3.default-1674403214688
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\rvkvazm3.default-1674403214688 [2024-04-27]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-04-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2024-04-25]
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-23]
CHR Extension: (Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-23]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-23]
CHR Extension: (Sheets) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-26]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-26]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-04-25]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-04-28]
CHR Notifications: Profile 1 -> hxxps://www.hp.com; hxxps://www.youtube.com
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxp://google.com/"
CHR Extension: (WOT: Website Security & Safety Checker) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2024-04-14]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-04-01]
CHR Extension: (Foxit PDF Creator) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-09-26]
CHR Extension: (Eno® from Capital One®) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2024-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-07]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\System Profile [2024-04-25]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dave\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-11-09] (Apple Inc. -> Apple Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe [74016 2024-03-26] (Google LLC -> Google LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-04-24] (Dropbox, Inc -> Dropbox, Inc.)
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-25] (voidtools -> voidtools)
S3 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe [2366048 2023-04-17] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2438128 2023-11-11] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-07] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8884840 2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe [1274992 2023-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [829208 2024-03-14] (Plex, Inc. -> Plex, Inc.)
R2 Realtek92SU; C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe [40960 2009-02-05] (Realtek) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2737016 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4588408 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Dave\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2023-11-06] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2023-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2023-11-06] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2020-10-13] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49664 2022-07-15] (Microsoft Corporation) [File not signed]
R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-28 15:32 - 2024-04-28 15:34 - 000049726 _____ C:\Users\Dave\Desktop\FRST.txt
2024-04-27 19:16 - 2024-04-28 08:10 - 000001418 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-04-27 19:16 - 2024-04-27 19:16 - 000000000 ____D C:\Users\Dave\AppData\Local\ESET
2024-04-27 19:06 - 2024-04-27 19:08 - 000000000 ____D C:\AdwCleaner
2024-04-27 07:14 - 2024-04-27 07:14 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-04-26 14:06 - 2024-04-26 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-04-26 08:47 - 2024-04-26 08:47 - 001609850 _____ C:\Users\Dave\Documents\bookmarks_4_26_24.html
2024-04-25 20:09 - 2024-04-25 20:09 - 000000008 _____ C:\ProgramData\ntuser.pol
2024-04-24 17:51 - 2024-04-24 17:51 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-04-23 14:19 - 2024-04-22 16:48 - 002394112 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2024-04-23 14:03 - 2024-04-28 15:34 - 000000000 ____D C:\FRST
2024-04-22 08:14 - 2024-04-22 08:14 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4182419237-4015324695-3907471336-500
2024-04-22 08:13 - 2024-04-22 08:14 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4182419237-4015324695-3907471336-500
2024-04-22 08:13 - 2024-04-22 08:14 - 000002424 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-04-22 08:10 - 2024-04-22 08:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-04-22 08:07 - 2024-04-22 08:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2024-04-22 08:06 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2024-04-22 08:06 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\ansel
2024-04-22 08:05 - 2024-04-22 08:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2024-04-22 08:05 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\Malwarebytes
2024-04-22 08:05 - 2024-04-22 08:05 - 000002348 _____ C:\Users\Administrator\Desktop\Microsoft Edge.lnk
2024-04-22 08:05 - 2024-04-22 08:05 - 000002332 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ___RD C:\Users\Administrator\3D Objects
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\NVIDIA
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2024-04-22 08:04 - 2024-04-27 07:14 - 000002008 _____ C:\Users\Administrator\Desktop\Google Slides.lnk
2024-04-22 08:04 - 2024-04-27 07:14 - 000002008 _____ C:\Users\Administrator\Desktop\Google Sheets.lnk
2024-04-22 08:04 - 2024-04-27 07:14 - 000001996 _____ C:\Users\Administrator\Desktop\Google Docs.lnk
2024-04-22 08:04 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
2024-04-22 08:04 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2024-04-22 08:04 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2024-04-22 08:04 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2024-04-22 08:04 - 2024-04-22 08:04 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Protect
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Vault
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2024-04-22 08:04 - 2021-06-20 17:47 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Network
2024-04-22 08:04 - 2018-10-23 13:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2024-04-22 08:04 - 2009-07-14 00:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2024-04-22 08:03 - 2024-04-25 20:06 - 000000000 ____D C:\Users\Administrator
2024-04-22 08:03 - 2024-04-22 08:13 - 000000000 ___RD C:\Users\Administrator\OneDrive
2024-04-21 18:30 - 2024-04-21 18:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-21 10:30 - 2023-06-07 07:38 - 000455008 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20240421-103051.backup
2024-04-19 13:04 - 2024-04-19 13:12 - 000000000 ____D C:\Users\Dave\Downloads\Operating Systems
2024-04-19 11:57 - 2024-04-19 12:50 - 000000000 ____D C:\Users\Dave\Downloads\Virtual Machine
2024-04-19 11:04 - 2024-04-19 11:04 - 000000000 ____D C:\ProgramData\obs-studio-hook
2024-04-19 11:04 - 2024-04-19 11:04 - 000000000 ____D C:\ProgramData\obs-studio
2024-04-19 11:03 - 2024-04-19 11:05 - 000000000 ____D C:\Users\Dave\AppData\Roaming\obs-studio
2024-04-18 08:38 - 2024-04-19 12:52 - 000000000 ____D C:\Users\Dave\Documents\Medical
2024-04-18 08:06 - 2024-04-18 08:06 - 001719622 _____ C:\Users\Dave\Downloads\ws_E_202407c.pdf
2024-04-18 08:05 - 2024-04-18 08:06 - 001719622 _____ C:\Users\Dave\Downloads\w_E_202407.pdf
2024-04-11 09:18 - 2024-04-11 09:18 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-11 09:17 - 2024-04-11 09:17 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-11 08:35 - 2024-04-11 08:35 - 000000000 ___HD C:\$WinREAgent
2024-04-08 08:32 - 2024-04-19 14:56 - 000000000 ____D C:\Users\Dave\Documents\Z Payments

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-28 15:19 - 2018-10-19 17:13 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-28 15:17 - 2018-10-20 01:48 - 000000000 ___SD C:\Users\Dave\AppData\Roaming\Microsoft\Credentials
2024-04-28 15:16 - 2021-06-20 17:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-28 09:34 - 2020-09-03 07:53 - 000000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2024-04-28 09:12 - 2021-07-31 13:59 - 000000000 ____D C:\Users\Dave\Documents\Test Folder
2024-04-28 08:28 - 2018-10-21 14:08 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Dropbox
2024-04-28 08:28 - 2018-10-21 14:01 - 000000000 ____D C:\Users\Dave\AppData\Local\Dropbox
2024-04-28 08:26 - 2021-12-17 10:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-28 08:26 - 2020-04-20 21:04 - 000000000 ___RD C:\Users\Dave\Google Drive
2024-04-28 08:26 - 2018-12-13 17:39 - 000000000 ____D C:\Users\Dave\AppData\Local\Plex Media Server
2024-04-28 08:26 - 2018-10-23 12:31 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-28 08:25 - 2023-05-09 16:15 - 000000000 ____D C:\Users\Dave\AppData\Local\Malwarebytes
2024-04-28 08:24 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-28 08:23 - 2021-06-20 17:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-28 08:23 - 2021-06-20 17:35 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-28 08:22 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-28 08:12 - 2018-10-25 10:26 - 000000000 ____D C:\Users\Dave\Desktop\Virus and Spyware
2024-04-27 21:05 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\backupwindowskey
2024-04-27 19:26 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-27 19:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-27 19:14 - 2018-10-21 10:36 - 000000000 ____D C:\Users\Dave\Downloads\Virus and Spyware Removal Tools
2024-04-27 19:08 - 2023-05-09 13:05 - 000000000 ____D C:\Users\Dave\AppData\Roaming\IObit
2024-04-27 19:00 - 2018-10-22 15:37 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Everything
2024-04-27 17:00 - 2021-06-21 12:39 - 000000000 ____D C:\Users\Dave\AppData\Roaming\FreeFileSync
2024-04-27 17:00 - 2018-10-21 14:12 - 000000000 ___RD C:\Users\Dave\Dropbox
2024-04-27 16:47 - 2023-06-08 16:00 - 000000000 _____ C:\Users\Dave\Documents\HPSmartPrintingPort
2024-04-27 16:47 - 2022-03-15 08:13 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Temp
2024-04-27 16:32 - 2021-06-20 17:42 - 000000000 ____D C:\Users\Dave
2024-04-27 11:06 - 2021-07-20 13:29 - 000003810 _____ C:\WINDOWS\system32\Tasks\UninstallMonitor
2024-04-27 07:14 - 2021-09-20 18:54 - 000002008 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-04-27 07:14 - 2021-09-20 18:54 - 000002008 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-04-27 07:14 - 2021-09-20 18:54 - 000001996 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-04-26 14:07 - 2018-10-21 14:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-04-26 09:01 - 2021-06-20 17:41 - 000935286 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-26 09:01 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-26 08:59 - 2018-10-25 16:39 - 000000000 ____D C:\Users\Dave\Documents\Passwords
2024-04-26 08:55 - 2018-10-22 15:59 - 000000000 ____D C:\Users\Dave\AppData\Local\Everything
2024-04-25 19:59 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2024-04-25 19:59 - 2009-07-13 20:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-04-25 19:51 - 2019-01-02 14:34 - 000000000 ____D C:\Program Files (x86)\NirSoft
2024-04-25 19:48 - 2018-10-23 12:51 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Word
2024-04-24 08:28 - 2018-12-23 10:45 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Excel
2024-04-23 11:08 - 2018-10-21 10:34 - 000000000 ____D C:\Users\Dave\Downloads\FixWindows Media Player
2024-04-22 16:36 - 2018-10-25 16:47 - 000000000 ____D C:\Users\Dave\Documents\Computer
2024-04-22 16:25 - 2018-10-21 10:35 - 000000000 ____D C:\Users\Dave\Downloads\Software analyzer_Updater
2024-04-22 16:25 - 2018-10-21 10:34 - 000000000 ____D C:\Users\Dave\Downloads\Anti-Keyloggers
2024-04-22 15:46 - 2018-10-25 10:23 - 000000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2024-04-22 14:24 - 2018-10-25 16:52 - 000000000 ____D C:\Users\Dave\Documents\Health
2024-04-22 08:11 - 2018-10-25 10:58 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-04-22 08:06 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-22 08:05 - 2021-06-20 17:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-04-21 18:52 - 2022-11-26 10:45 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-21 18:52 - 2022-07-08 12:34 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-04-21 18:51 - 2019-01-02 15:29 - 000000000 ____D C:\WINDOWS\pss
2024-04-21 18:29 - 2021-01-29 11:03 - 000000000 ____D C:\Program Files\CCleaner
2024-04-21 11:41 - 2021-06-23 08:11 - 000000000 ____D C:\Users\Dave\AppData\Local\D3DSCache
2024-04-21 11:40 - 2022-11-26 10:45 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-04-21 11:39 - 2021-06-20 17:52 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-04-21 11:36 - 2018-10-25 10:28 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2024-04-21 08:40 - 2018-10-25 10:33 - 000000000 ____D C:\ProgramData\TEMP
2024-04-21 08:39 - 2018-10-25 10:33 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2024-04-20 15:38 - 2018-10-21 10:36 - 000000000 ____D C:\Users\Dave\Downloads\Word Processers
2024-04-19 16:09 - 2018-10-21 10:35 - 000000000 ____D C:\Users\Dave\Downloads\Screen capture & recording programs
2024-04-19 13:09 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Files -Folders
2024-04-19 10:18 - 2021-05-15 13:38 - 000000000 ___RD C:\Users\Dave\OneDrive
2024-04-19 09:39 - 2018-12-31 13:08 - 000000000 ___RD C:\Users\Dave\Desktop\Computer Analyzers
2024-04-19 09:38 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Computer Analyzers
2024-04-14 12:12 - 2021-06-20 17:52 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-12 03:23 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-11 10:39 - 2021-06-20 17:36 - 000458168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-11 10:36 - 2023-12-13 13:37 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-11 10:36 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-11 09:28 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-11 09:16 - 2021-06-20 17:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-10 17:21 - 2023-03-23 07:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-10 17:21 - 2018-10-23 16:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-10 10:42 - 2023-10-08 07:47 - 000022693 _____ C:\Users\Dave\Downloads\PH Territory # 61.xlsx
2024-04-10 09:39 - 2018-10-19 17:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-10 09:32 - 2018-10-19 17:12 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-10 08:33 - 2021-06-20 17:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-09 21:07 - 2018-10-25 16:42 - 000000000 ____D C:\Users\Dave\Documents\A Theocratic Items
2024-04-08 12:03 - 2021-06-21 12:39 - 000000000 ____D C:\Program Files\FreeFileSync
2024-04-08 12:02 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Backup and Cloud Software
2024-04-03 19:04 - 2021-06-20 17:52 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-03 19:04 - 2021-06-20 17:52 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-01 14:08 - 2023-08-04 09:59 - 000000000 ____D C:\Users\Dave\Documents\Password Protected Files
2024-04-01 11:21 - 2018-10-25 16:41 - 000000000 ____D C:\Users\Dave\Documents\Medicare

==================== Files in the root of some directories ========

2019-07-26 12:46 - 2020-03-21 15:28 - 001178624 _____ (CPUID) C:\Users\Dave\AppData\Roaming\siw_sdk.dll
2022-07-31 07:32 - 2022-07-31 07:32 - 000000423 _____ () C:\Users\Dave\AppData\Roaming\u_data.lgvnx
2022-09-28 09:11 - 2022-09-28 09:11 - 000004096 ____H () C:\Users\Dave\AppData\Local\keyfile3.drm
2021-03-29 18:12 - 2021-03-29 18:12 - 000000017 _____ () C:\Users\Dave\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
jwdo

Re: virus detected on windows defender

Post by jwdo » April 28th, 2024, 7:17 pm

Here is the Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by Dave (28-04-2024 15:35:32)
Running from C:\Users\Dave\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) (2021-06-21 00:53:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4182419237-4015324695-3907471336-500 - Administrator - Enabled) => C:\Users\Administrator
Dave (S-1-5-21-4182419237-4015324695-3907471336-1000 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-4182419237-4015324695-3907471336-503 - Limited - Disabled)
Guest (S-1-5-21-4182419237-4015324695-3907471336-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4182419237-4015324695-3907471336-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4182419237-4015324695-3907471336-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{2DC070EE-D256-4564-BC7C-A78085F22080}) (Version: 4.28.0.5600 - Open Media LLC)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20687 - Adobe)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.12 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 13 (HKLM-x32\...\AU11_is1) (Version: 13.26.0.68 - Innovative Solutions)
Airlink101 WLAN Monitor (HKLM-x32\...\{9C048189-055C-4a0c-A916-1D8C132455EB}) (Version: 1.01.0095 - REALTEK Semiconductor Corp.)
Amazon Kindle (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\Amazon Kindle) (Version: 1.40.1.65535 - Amazon)
AOMEI Partition Assistant 10.2.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: 10.2.1 - AOMEI International Network Limited.)
Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED)
Apowersoft Online Launcher version 1.8.1 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.1 - APOWERSOFT LIMITED)
Apple Mobile Device Support (HKLM\...\{FA3D0F2D-BA1C-4462-B6B3-3048CFF464C7}) (Version: 17.0.0.28 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Ashampoo Driver Updater (HKLM\...\{0A11EA01-9351-AD68-8AFA-02337415E1F8}_is1) (Version: 1.6.1 - Ashampoo GmbH & Co. KG)
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader (HKLM\...\{AC76BA86-7AD7-0000-0000-BC16014E7500}) (Version: 22.001.20085 - Adobe Systems Incorporated)
Audacity 3.4.2 (HKLM\...\Audacity_is1) (Version: 3.4.2 - Audacity Team)
Avidemux VC++ 64bits (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{814f6cd2-0708-44fd-869c-24fd0c01dad9}) (Version: 2.7.8 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\{b8aa1655-5339-4004-ab71-e69f55477cc8}) (Version: 2.8.1 - Mean)
Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
Bible Mapper 5 (HKLM-x32\...\{81CFDC81-A76D-4098-A8A8-D2BC21340D51}) (Version: 5.1 - BarrettWare)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.14.0.1061 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\BlueStacksServices) (Version: 3.0.2 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\BlueStacks X) (Version: 10.5.0.1016 - now.gg, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother HL-5250DN (HKLM-x32\...\{30DC4A13-6C77-4576-9D31-3C7B80847AAF}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 6.23 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{B3DF9767-C635-4558-A655-D586070E2CE3}) (Version: 124.0.6367.18 - Google LLC)
ClipGrab 3.9.7 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - The ClipGrab Project)
CrystalDiskInfo 9.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.1 - Crystal Dew World)
CrystalDiskMark 8.0.4c (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4c - Crystal Dew World)
Driver Easy 5.8.1 (HKLM\...\DriverEasy_is1) (Version: 5.8.1 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 197.4.7629 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.863.1 - Dropbox, Inc.) Hidden
e-Sword (HKLM-x32\...\{30589E5B-46DD-446F-B3DA-5D9F5AE5CC3E}) (Version: 13.00.0000 - Rick Meyers)
Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.5.1 - Sharpened Productions)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FilExile (HKLM-x32\...\{37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC}_is1) (Version: 3.00 - Bryan Carey)
Folder Size 4.9.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 4.9.0.0 - MindGems, Inc.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2023.3.0.23028 - Foxit Software Inc.)
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.1.1.1017 - Digital Wave Ltd)
Free Video Flip and Rotate (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.1.35.831 - Digital Wave Ltd)
FreeFileSync (HKLM-x32\...\FreeFileSync_is1) (Version: 13.5 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.91 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 90.0.3.0 - Google LLC)
Hot Illustrations 1.0 (HKLM-x32\...\Hot Illustrations 1.0) (Version: - )
HP Dropbox Plugin (HKLM-x32\...\{71175310-91E7-49E9-A714-15151F839268}) (Version: 44.5.501.81934 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{1DE1A510-1B9F-409E-A586-34C6DB1EDF1F}) (Version: 44.5.0.0 - HP)
HP ENVY 5000 series Basic Device Software (HKLM\...\{51F12478-A80C-47F4-850F-B31D7DAF9365}) (Version: 44.11.2778.22166 - HP Inc.)
HP ENVY 5000 series Help (HKLM-x32\...\{B868134D-0D88-4973-BDD8-07E2522C9102}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{8202C130-5331-4FA4-9B94-CD5B7D595971}) (Version: 44.5.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{C7242B1F-50CF-4C88-92C0-6012281B0E72}) (Version: 44.5.501.81934 - HP)
HP OneDrive Plugin (HKLM-x32\...\{88B06412-906E-473D-B69B-71EB040F15F5}) (Version: 44.5.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP SharePoint Plugin (HKLM-x32\...\{C3547CAA-C272-4A32-9A53-358892E9026B}) (Version: 44.5.0.0 - HP)
HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 7.66 - Martin Malik, REALiX s.r.o.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Mailsware EML Converter Toolkit (HKLM-x32\...\Mailsware EML Converter Toolkit_is1) (Version: - Mailsware)
Malwarebytes version 4.6.12.323 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.12.323 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4182419237-4015324695-3907471336-500\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{2AA3C13E-0531-41B8-AE48-AE28C940A809}) (Version: 4.10.0209.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30153 (HKLM-x32\...\{e3aefa8b-a2ea-42b8-a384-95f2ff6df681}) (Version: 14.29.30153.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30153 (HKLM-x32\...\{F263DEED-F2D3-4AB2-9D1C-C47ED5AA8BFC}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30153 (HKLM-x32\...\{F3E4AF00-C81D-4253-B947-67DD661932EC}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 120.0 (x64 en-US)) (Version: 120.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0 - Mozilla)
Mp3tag v3.23 (HKLM-x32\...\Mp3tag) (Version: 3.23 - Florian Heidenreich)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 546.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Plex Media Server (HKLM-x32\...\{7520AAFB-1D48-487F-B935-FD7C5704F0C4}) (Version: 1.40.1227 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{78529c24-adb9-454f-aaa7-165c17c33375}) (Version: 1.40.1.8227 - Plex, Inc.)
Product Improvement Study for HP ENVY 5000 series (HKLM\...\{A3E4FE6D-D1E5-48DE-AF23-D37F3B3A2069}) (Version: 44.11.2778.22166 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScreenPal Web Launcher v3.0.2 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\ScreenPal v3 (WebLauncher)) (Version: - ScreenPal)
Software Update 6.63.0.63 (HKLM-x32\...\Software Update) (Version: 6.63.0.63 - Glarysoft Ltd)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.85.5 - Safer-Networking Ltd.)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Stopping Plex (HKLM-x32\...\{0296DFD3-2270-44C6-A797-5928F4DB8BA1}) (Version: 1.40.1227 - Plex, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1256 - SUPERAntiSpyware.com)
TreeSize Free V4.7.1 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.7.1 - JAM Software)
TunesBro ScreenGeeker (HKLM-x32\...\TunesBro ScreenGeeker_is1) (Version: 4.7.2 - TunesBro ScreenGeeker)
UCheck version 5.0.5.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 5.0.5.0 - Adlice Software)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.2.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Watchtower Library - English (HKLM-x32\...\{1D72ED8E-EA0F-4AE3-BBC5-2EC55FA5649F}) (Version: 18.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Web Launch Recorder (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WebLaunchRecorder) (Version: 2.0 - )
WhatsApp (Outdated) (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WhatsApp) (Version: 2.2326.10 - WhatsApp)
WinDirStat 1.1.2 (HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\WinDirStat) (Version: - )
Windows Driver Package - Hewlett-Packard USB (09/08/2015 1.0.0.1) (HKLM\...\C9EDF507DA1B23454B1BF10495C79A1C34ADD79F) (Version: 09/08/2015 1.0.0.1 - Hewlett-Packard)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
WinX YouTube Downloader (HKLM-x32\...\WinX YouTube Downloader) (Version: 6.5 - Digiarty, Inc.)
WordWeb (HKLM-x32\...\WordWeb) (Version: 9 - WordWeb Software)
Zoom (64-bit) (HKLM\...\{3B21D66C-F004-4CC5-8DCD-0BC9F66515AC}) (Version: 5.16.26186 - Zoom)
Zoom Outlook Plugin (HKLM-x32\...\{6FB428F1-BEAC-41DE-A15C-24EDFD4C503B}) (Version: 5.15.5 - Zoom)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.931.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2024-04-26] (Dropbox Inc.)
File Analyzer -> C:\Program Files\WindowsApps\BitberrySoftware.FileAnalyzer_2.0.0.0_x64__2js97y2b9kjke [2021-07-05] (Bitberry Software)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-04-22] (HP Inc.)
JW Library -> C:\Program Files\WindowsApps\WatchtowerBibleandTractSo.45909CDBADF3C_14.3.37.0_x64__5rz59y55nfz3e [2024-04-09] (Watchtower Bible and Tract Society of New York)
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-23] (Microsoft Corporation)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.5.2130.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Studios) [MS Ad]
NetBenefits by Fidelity -> C:\Program Files\WindowsApps\FidelityInvestments.NetBenefitsbyFidelity_2.7.4.0_x64__b03vwwp8y0xw6 [2022-10-24] (Fidelity Investments)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-24] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Corporation)
Photos Opener For Win10 -> C:\Program Files\WindowsApps\38526MediaLife.PhotosOpenerForWin10_0.0.14.0_x64__1crh1k73ty8mg [2023-02-23] (Media Life)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-03-21] (Adobe Systems Incorporated)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2414.10.0_x64__cv1g1gvanyjgm [2024-04-27] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Dave\Dropbox [2018-10-21 14:12]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers1: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> [CC]{B7056B8E-4F99-44f8-8CBD-282390FE5428} => -> No File
ContextMenuHandlers2: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [VirtualCloneDrive] -> [CC]{B7056B8E-4F99-44f8-8CBD-282390FE5428} => -> No File
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers4: [LockHunterShellExt] -> [CC]{0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2023-11-03] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\90.0.3.0\drivefsext.dll [2024-04-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\nvshext.dll [2023-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6-x32: [FilExileShlExt] -> {37D0B08A-2D0E-4A2E-8C8D-B2CB52BA81AC} => C:\Windows\SysWow64\FilExileExt.dll [2017-02-05] (FilExile) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dave\Documents\WDD 2TB External Drive\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader
ShortcutWithArgument: C:\Users\Dave\Desktop\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\bbbf3001ec3bcba0\Honey.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=bmnlcjabgnpnenekpadlanbbkooimhnj
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Dave - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2024-03-21 13:29 - 2024-03-21 13:29 - 000433664 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\aac_decoder.dll
2024-04-12 02:07 - 2024-04-12 02:07 - 000251392 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\adpcm_ima_wav_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000573952 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\flv_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 001803776 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\h264_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 002366464 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\libx264_encoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000329216 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\mp3_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000349696 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\vp6f_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000308224 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmapro_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 000318976 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmav2_decoder.dll
2024-03-21 13:29 - 2024-03-21 13:29 - 001045504 _____ () [File not signed] \\?\C:\Users\Dave\AppData\Local\Plex Media Server\Codecs\ad47460-4673-windows-x86\wmv3_decoder.dll
2023-03-16 09:51 - 2008-08-25 18:29 - 000131072 _____ () [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\EnumDevLib.dll
2024-02-17 13:53 - 2023-06-20 01:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2023-03-16 09:51 - 2009-06-26 11:45 - 000405504 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlLib.dll
2023-03-16 09:51 - 2008-12-30 20:15 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\IpLib.dll
2023-03-16 09:51 - 2008-10-22 23:59 - 000036864 _____ (Realtek) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlICS.dll
2022-06-25 20:21 - 2022-12-28 21:28 - 001111883 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2023-03-16 09:51 - 2006-07-05 06:45 - 001069056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dave\Desktop\Bible Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Cloud Drives:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Computer Analyzers:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Delete Programs:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Dave\Desktop\Printers:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: No Name -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - No Name - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll No File

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7940 more sites.

IE trusted site: HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\localhost -> localhost

There are 12762 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2024-04-27 16:31 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2021-11-03 09:06 - 2021-11-07 16:32 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4182419237-4015324695-3907471336-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4630 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4630 series.lnk.Startup
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\StartupApproved\Run: => "msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "WordWeb"
HKLM\...\StartupApproved\Run32: => "ccleaner_update_helper"
HKLM\...\StartupApproved\Run32: => "Phantom_Sl"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "ScreenPal Tray"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\...\StartupApproved\Run: => "zoommsirepair"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B266382E-1C8F-42FA-98E6-F279674B7E84}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{9EEEEC05-02F6-4029-8091-0B5B26CF7400}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [TCP Query User{8AF959C4-DD8C-4B83-9B02-8174DC4D720D}C:\program files (x86)\dropbox\client\dropbox.exe] => (Allow) C:\program files (x86)\dropbox\client\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{2FBC54AA-448C-4B49-9121-0FDBEEEC8667}C:\program files (x86)\dropbox\client\dropbox.exe] => (Allow) C:\program files (x86)\dropbox\client\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{90FC14FD-0B4F-4355-BFEC-91BF8A9F3735}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{686736E0-3C65-4BFB-9F49-45691090D5FE}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{195B44B0-BF8E-4B80-8A6E-E9D1714B1F98}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{A79F678E-00B9-427F-82D6-3BD81B9DFDE1}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{A3FB6C31-9BCF-4227-90DB-9AB7F77B8DAC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

19-04-2024 14:26:43 Scheduled Checkpoint
27-04-2024 20:06:18 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/28/2024 03:16:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 3.7.6.5.9.D.9.5.C.D.E.7.5.7.A.B.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Dave-PC-2.local.

Error: (04/28/2024 03:16:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.148:5353 15 3.7.6.5.9.D.9.5.C.D.E.7.5.7.A.B.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Dave-PC.local.

Error: (04/28/2024 03:16:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 9.9.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.5.0.2.2.5.0.0.B.9.7.0.6.2.ip6.arpa. PTR Dave-PC-2.local.

Error: (04/28/2024 03:16:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.148:5353 15 9.9.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.5.0.2.2.5.0.0.B.9.7.0.6.2.ip6.arpa. PTR Dave-PC.local.

Error: (04/28/2024 03:16:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 148.1.168.192.in-addr.arpa. PTR Dave-PC-2.local.

Error: (04/28/2024 03:16:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.148:5353 15 148.1.168.192.in-addr.arpa. PTR Dave-PC.local.

Error: (04/28/2024 03:16:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dave-PC.local already in use; will try Dave-PC-2.local instead

Error: (04/28/2024 03:16:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Dave-PC.local. Addr 192.168.1.148


System errors:
=============
Error: (04/27/2024 07:08:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (04/27/2024 07:08:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (04/27/2024 07:08:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (04/27/2024 07:08:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/27/2024 07:08:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Foxit PDF Reader Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/27/2024 07:08:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/27/2024 07:08:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/27/2024 07:08:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Everything service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2024-04-28 12:12:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-28 11:59:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-28 11:02:43
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-27 21:07:18
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Dave\Downloads\Computer Analyzers\Speccy (good)\spsetup132.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Dave\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.409.564.0, AS: 1.409.564.0, NIS: 1.409.564.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4

Date: 2024-04-27 20:55:29
Description:
C:\Users\Dave\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe has been blocked from modifying %userprofile%\Documents\Computer\Product Keys\ by Controlled Folder Access.
Detection time: 2024-04-28T03:55:29.128Z
Path: %userprofile%\Documents\Computer\Product Keys\
Process Name: C:\Users\Dave\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: 1.409.564.0
Engine Version: 1.1.24030.4
Product Version: 4.18.24030.9
Event[0]:

Date: 2024-04-21 18:49:00
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-04-21 18:34:30
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-04-21 18:29:54
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-30 12:02:17
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.828.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2024-01-09 11:20:40
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.1841.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2024-04-28 15:39:42
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2024-04-28 15:35:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. FD 02/26/2016
Motherboard: Gigabyte Technology Co., Ltd. 970A-DS3P
Processor: AMD FX(tm)-8350 Eight-Core Processor
Percentage of memory in use: 63%
Total physical RAM: 8150.56 MB
Available physical RAM: 3003.55 MB
Total Virtual: 16342.56 MB
Available Virtual: 9699.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:560.39 GB) (Model: WDC WD1003FZEX-00K3CA0) NTFS
Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:11.52 GB) (Model: WDC WD1003FZEX-00K3CA0) FAT32

\\?\Volume{3f368315-d45d-11e8-8b54-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{62b55203-0000-0000-0000-30c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 62B55203)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=520 MB) - (Type=27)

==================== End of Addition.txt =======================
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm