
Chrome says managed by organization and odd error messages


23 replies to this topic

#1 TomV22


Posted 11 September 2023 - 11:54 AM

First, I did do the steps on this page here for the "your browser is managed by your organization" message.

Here is the URL I used:

https://malwaretips.com/blogs/remove-managed-by-your-organisation-virus/

Other than Defender and one other item that Hitman fixed, there were no errors or malware found in the various steps. But alas, after reboot I still have the "your browser is managed by your organization" message on my laptop. And it is my personal one, so obviously no company, etc.

Also, various error messages appear, usually during boot up, like a file is missing. I tried to screen capture it but alas failed. Will try to capture it with the camera from my phone when it reappears.

Also, it seems I have Microsoft Defender SmartScreen running (very annoying to get it to run FRST!) as well as McAfee running.

Here are the log files from FRST:

(FRST Log file):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2023
Ran by cofun (administrator) on NEWTOMLAPTOP (Dell Inc. G7 7588) (11-09-2023 10:47:53)
Running from C:\Users\cofun\Downloads\FRST64.exe
Loaded Profiles: cofun
Platform: Microsoft Windows 10 Home Version 22H2 19045.3324 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.141\BraveCrashHandler.exe
(C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.141\BraveCrashHandler64.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\McAfee\WPS\1.9.253.1\mc-fw-host.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.9.253.1\mc-web-view.exe <2>
(C:\Program Files\McAfee\WPS\1.9.253.1\mc-web-view.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe <7>
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Microsoft Corporation) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\WebView2\msedgewebview2.exe <7>
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\WebView2\msedgewebview2.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\80.0.1.0\crashpad_handler.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <43>
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <7>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_362cfac2b6e1097f\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_362cfac2b6e1097f\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\SocketHeciServer.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Intel® Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.9.253.1\mc-fw-host.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_abce57a4fb2f73fe\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.9.253.1\neo\core\mc-neo-host.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [834336 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2023\SnagitCapture.exe [8805016 2023-01-10] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11559648 2023-09-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [I17A] => C:\WINDOWS\twain_32\Brimi17a\Common\TwDsUiLaunch.exe [86128 2020-03-25] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [145376 2018-04-26] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-07-25] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3588608 2021-04-02] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [35648 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [17600 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [DYMOWebApi] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe [181230592 2022-02-24] (Sanford, L.P. -> DYMO.WebApi.Win.Host) [File not signed]
HKLM-x32\...\Run: [DymoOfficeHelper] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.OfficeHelper.exe [63488 2022-02-24] () [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-07] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-07] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1603216 2022-05-08] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-06-06] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [IL Print] => C:\Program Files\IL Print\il-print.exe [111482 2021-02-04] () [File not signed]
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123262496 2023-08-31] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [ZoomInfo Contact Contributor] => C:\Users\cofun\AppData\Local\ZoomInfoCEUtility\launch.bat [112 2021-11-15] () [File not signed]
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => C:\Users\cofun\Downloads\MTGAInstaller.exe [27308152 2020-07-27] (Wizards of the Coast, LLC -> Wizards of the Coast) <==== ATTENTION
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-07] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [electron.app.Loom] => C:\Users\cofun\AppData\Local\Programs\Loom\Loom.exe [149088248 2023-08-21] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [] => [X]
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [DYMOConnectLauncher] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe [163968 2022-02-24] (Sanford, L.P. -> )
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [GoogleChromeAutoLaunch_2779CABE755215C448F48643FFE7FB83] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3219744 2023-09-04] (Google LLC -> Google LLC)
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41584544 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [10071360 2023-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-07] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\DYMO LabelWriter Monitor: C:\Windows\system32\LW400MON.DLL [16384 2020-03-10] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.)
HKLM\...\Print\Monitors\HP B111 Status Monitor: hpinkstsB111LM.dll (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.180\Installer\chrmstp.exe [2023-09-08] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\Installer\chrmstp.exe [2023-09-07] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AL Print.lnk [2020-08-18]
ShortcutTarget: AL Print.lnk -> C:\Program Files\AL Print\al-print.exe (QZ Industries LLC -> )
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {ECF31161-7C8C-421B-8847-D4BF78F3E681} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
Task: {9D355EA1-34D4-4FE7-8962-C21B9F8F429B} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{08F7AA29-1E91-4130-961A-6001478BB033} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174976 2022-09-13] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E022B8F4-0105-4723-98FE-1BB7ABE0086B} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{02C05586-C56C-4FBB-9901-0DD73EADF305} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174976 2022-09-13] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {8F2E3DBC-85D2-4C2C-8741-A07150BEE4E3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {069AF298-9ABF-4EFF-8B6B-0CAE39F43A51} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "a9886a51-1416-4468-9a05-3d8246756f09" --version "6.15.10623" --silent
Task: {ABEFD3ED-FF8E-413C-BC50-F6BECB745F7E} - System32\Tasks\CCleanerSkipUAC - cofun => C:\Program Files\CCleaner\CCleaner.exe [34687904 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {3F491C17-68F8-438B-9CA6-5EF8DD733A81} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.)
Task: {9ADDD5D2-8A4E-4B2B-B14C-DD25AC6CE01E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {1C1F17F7-EAE7-4AEE-847A-8087A0699894} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {9F9F05DC-08B5-4635-94F8-EDF5F59FC4E4} - System32\Tasks\G2MUpdateTask-S-1-5-21-4201938413-1014792726-983612931-1001 => C:\Users\cofun\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {99420A2F-4F75-4136-B9E9-2473BA815091} - System32\Tasks\G2MUploadTask-S-1-5-21-4201938413-1014792726-983612931-1001 => C:\Users\cofun\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-04-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {B2322B0F-878C-4D27-94B8-1B62B3FBE921} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-01] (Google Inc -> Google Inc.)
Task: {5FB1CE41-AEF9-4010-8E09-BC1908E0D7DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-01] (Google Inc -> Google Inc.)
Task: {B8765066-40C8-45FC-87D6-E721EC8F81B8} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {AA4D3A8C-7436-4AF8-B7E5-FCEFE0B919B2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 ] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {B5E09555-7FDB-4F34-809B-D60A3BAABD87} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 ] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {E9820DD7-910E-477E-B353-99264651EAED} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226008 ] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {748DA575-6FC7-4ADE-B506-5C596053E21D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302168 ] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {F521F754-323A-4E51-8C3C-12AB73AA8BAC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start ThunderboltService
Task: {617E7414-7F89-4D1A-AF80-2254FE84BA80} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4850904 2023-05-24] (Intel Corporation -> Intel Corporation)
Task: {B5B7C1F8-06B8-42A7-983C-D745E4EABE9D} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4850904 2023-05-24] (Intel Corporation -> Intel Corporation)
Task: {AD038E73-97A7-4C22-B781-24530923FEEA} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe  --taskscheduler (No File)
Task: {88284482-8E40-4918-85AD-DF86BF9D9AC0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {0629E132-C4EF-49E8-8160-F95C2F438279} - System32\Tasks\McAfee Sustainability => C:\Program Files\McAfee\WPS\1.9.253.1\sustainability\mc-sustainability.exe [777720 2023-06-02] (McAfee, LLC -> McAfee, LLC)
Task: {C29EE782-A269-4748-8E62-6162BD4AB187} - System32\Tasks\McAfee\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\WPS\1.9.253.1\dad\mc-dad.exe [4369656 2023-06-02] (McAfee, LLC -> McAfee, LLC)
Task: {6AA6BB39-797E-4D86-A8D7-4A8507A8622D} - System32\Tasks\McAfee\McPcoScanner => C:\Program Files\McAfee\WPS\1.9.253.1\pcoscanner\mc-pco-scanner.exe [736112 2023-06-02] (McAfee, LLC -> McAfee, LLC)
Task: {8C0E68D2-F27F-4AA3-AEE9-69166B92BDDA} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {313101E9-E422-4D08-B591-579B87E1A6C3} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {6F4A6C6D-BE2F-4F0D-B009-B87E613A96BE} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {33F8F16B-1DFA-4C97-A89A-E701DF21F5E8} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {0F99DB34-AB11-45CE-A074-D7729C6E878B} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2}
Task: {995E1347-E13A-41B6-868B-30D0B9523EE9} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [675232 2023-08-30] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {9643863D-ADEE-4FE8-A382-DD2690B0C716} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [722336 2023-08-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {D00E0C9C-739E-470E-8F02-DCE258FCD69D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {4DF76322-4AF1-4BA6-B1CE-2E837C88C516} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764352 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {08D9127A-E56D-4ACE-B4A9-3E5A55F6F73C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3297728 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0799E38C-8A8F-455A-B38D-11B1649BE396} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [982464 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C3B709E3-19A7-463B-A0CA-1608331182FD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857024 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D6CD56D5-EBFC-428B-9024-BB31E8AAD528} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857024 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E1FFB07-FF18-4D72-8DE9-0E5171E081D4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [654784 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49D1B83F-E80B-491D-97F4-54F5456E5EF1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0E5E46B0-A4CA-496B-AF0F-01705762ABB1} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F86B1940-43E5-45FB-99BE-347C7C52A71E} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A8223C7-64F8-4726-BC5F-8E49BCEA904F} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [934848 2018-05-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FCCE416C-533E-4387-8DEE-93B3F5C323DA} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-4201938413-1014792726-983612931-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {EBF7DCE0-FE67-4465-BA81-13E4F98FDCDC} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn
Task: {EBF7DCE0-FE67-4465-BA81-13E4F98FDCDC} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {33C8BD52-B821-4EC9-8654-24940767648C} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]
Task: {AAADADEC-5486-454C-BB5D-AB2F1994D087} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [170496 2022-09-07] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4201938413-1014792726-983612931-1001.job => C:\Users\cofun\AppData\Local\GoToMeeting\19950\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4201938413-1014792726-983612931-1001.job => C:\Users\cofun\AppData\Local\GoToMeeting\19950\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7ee4bdec-6183-4067-befe-1eb936e21fae}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a230d696-ea94-4d58-a2d0-3bca64a9b8ae}: [NameServer] 172.17.3.1
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\cofun\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-11]
Edge Extension: (Edge relevant text changes) - C:\Users\cofun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-30]
Edge HKLM-x32\...\Edge\Extension: [fdhgeoginicibhagdmblfikbgbkahibd]
 
FireFox:
========
FF DefaultProfile: 3r48kx58.default
FF ProfilePath: C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default [2023-09-11]
FF user.js: detected! => C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\user.js [2022-11-17]
FF Session Restore: Mozilla\Firefox\Profiles\3r48kx58.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\3r48kx58.default -> hxxps://www.reddit.com; hxxps://boardgamearena.com
FF Extension: (Norton Password Manager) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\Extensions\idsafe@norton.com.xpi [2023-06-28]
FF Extension: (The Camelizer) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\Extensions\izer@camelcamelcamel.com.xpi [2019-06-22]
FF Extension: (Honey) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2021-07-07]
FF Extension: (Norton Safe Search) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2023-08-10] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\Extensions\nortonsafeweb@symantec.com.xpi [2023-06-09]
FF Extension: (Tab Session Manager) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\Extensions\Tab-Session-Manager@sienori.xpi [2022-09-19]
FF Extension: (McAfee® WebAdvisor) - C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2023-08-21] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-prefs.js [2021-02-04] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox-config.cfg [2022-09-11] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default [2023-09-11]
CHR Notifications: Default -> hxxps://3.basecamp.com; hxxps://amzscout.net; hxxps://app.gotowebinar.com; hxxps://calendar.google.com; hxxps://connect.xfinity.com; hxxps://in.flowster.app; hxxps://oa-challenge.circle.so; hxxps://ocsnext.ebay.com; hxxps://personalized.kay.com; hxxps://sellercentral.amazon.com; hxxps://store.bariatricpal.com; hxxps://www.9news.com; hxxps://www.alibaba.com; hxxps://www.cheapprice.sale; hxxps://www.cleanitsupply.com; hxxps://www.ebay.com; hxxps://www.entertainmentearth.com; hxxps://www.invaluable.com; hxxps://www.kay.com; hxxps://www.letgo.com; hxxps://www.liveauctioneers.com; hxxps://www.loom.com; hxxps://www.personalloanpro.co; hxxps://www.pinterest.com; hxxps://www.quordlepuzzles.com; hxxps://www.smartpackagetracker.com; hxxps://www.ubuy.com.om; hxxps://www.ubuy.sv; hxxps://www.windowscentral.com; hxxps://www.zizowireless.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1494G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Extension: (Norton Password Manager) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2023-09-08]
CHR Extension: (Amazon Rank Chrome Extension) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\afcbjmdkfcdfbamemeadbpmabohjehcl [2022-01-18]
CHR Extension: (Scope by SellerLabs) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifeflcmgbbjnkopdmliglhooofhgmld [2022-07-20]
CHR Extension: (Amazon Review Request Tool) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaobgcedoikjgdlbecjejhdfhdmobph [2022-02-15]
CHR Extension: (PriceBlink Lite - Coupons & Price Comparison) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolpdlffgigjkjejcmjikefloacanfjn [2021-06-04]
CHR Extension: (Genetic.Family) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aphgflniadmhhmiebacmblekknbpkhbc [2022-09-11]
CHR Extension: (Jungle Scout) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckjlihkmgolmgkchbpiponapgjenaoa [2023-09-08]
CHR Extension: (OmniRocket Analysis - Lite) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmjflmnaphfklacagaegpeldlppleml [2022-08-11]
CHR Extension: (FBA calculator for Amazon Sellers : SellerApp) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdkbhjcfhfkmkbffkdklaiepfbllbgg [2023-09-11]
CHR Extension: (NiftySplit) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjnlfillpnkgmjnhgklpjjlpjnfeil [2021-11-07]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-09-08]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2023-08-29]
CHR Extension: (Eno® from Capital One®) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2023-08-10]
CHR Extension: (Search by Image) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnojnbdhbhnkbcieeekonklommdnndci [2023-07-07]
CHR Extension: (Price-fix) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coniammgndoohnfbcdkccdcofoodplml [2023-03-17]
CHR Extension: (AMZ Suggestion Expander) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpeaihkccbeemkfefcapijechkbfjlhb [2023-07-21]
CHR Extension: (IP Alert) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmindjgpiimpmkgmabhkflfaiimioea [2023-08-09]
CHR Extension: (Amazon FBA Calculator Free by AMZScout) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgjopcolgcafhnicdahjemapkniikeh [2023-05-09]
CHR Extension: (FireShield) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnajaiijohbndidolbdbpicdjanombo [2023-04-06]
CHR Extension: (ASIN Pincher) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\edhmelkcmlccpmhpcojinidloocndila [2022-05-25]
CHR Extension: (Amazon Dropshipping, Arbitrage, and Wholesale) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkgpjhfpfpgkohafpaliolcfnijnibh [2023-08-29]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-08-29]
CHR Extension: (Amazon Keyword Tracker & Reverse Asin Lookup) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkhimnkbaccbhigaeoggfbmggdidjjj [2023-04-06]
CHR Extension: (Lyquidator-X) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkhmhopgmbfpolhhjgnlmfpbcgpmpmg [2020-10-13]
CHR Extension: (Restricted or Hazmat) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnmiadakeknidapgeiloibpofnplimd [2020-09-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-08-22]
CHR Extension: (How Many?) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifaampimdjablpkjapdjehjcfloecjp [2023-02-16]
CHR Extension: (Hummingbird Hover-Graph) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjngbnfomhcjmcdmnlkhdjoicphlidl [2021-06-30]
CHR Extension: (Does it Melt?) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnnhgehlhelimandcofkinigckpkdaij [2022-08-26]
CHR Extension: (Norton Safe Web) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2023-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-22]
CHR Extension: (The Camelizer) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2023-03-17]
CHR Extension: (RevSeller) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gobliffocflfaekfcaccndlffkhcafhb [2023-09-08]
CHR Extension: (Pedigree Thief) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgjlfchbpojdocjlldfikeddamdcbhn [2023-06-06]
CHR Extension: (Klarna | Shop now. Pay later.) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2023-09-08]
CHR Extension: (Hunter - Email Finder Extension) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhmanijnjhaffoampdlllchpolkdnj [2023-04-16]
CHR Extension: (AncestryDNA Helper) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjflmfphflaeehhpdiggobllgffelfee [2019-04-23]
CHR Extension: (Price Hack) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnjkiemhlgdckiedoihbikhgndoigbfi [2023-08-22]
CHR Extension: (Label Resizer - FBA Labels to Thermal & Avery) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkbncennjhofkohbibnbgappjbncnoc [2023-09-08]
CHR Extension: (DS Amazon Quick View Extended) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpimgbmpmhfhdaaeepjokoigelkfbee [2023-06-06]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2023-01-11]
CHR Extension: (OAhighlight) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcjejjfciieibailmlompgeidcofmee [2022-09-09]
CHR Extension: (DS Amazon Quick View) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2022-11-05]
CHR Extension: (SellerAmp SAS - Amazon FBA Analysis Tool) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidmffepbniamfbibhfgdakkggchipjl [2023-04-16]
CHR Extension: (ScoutX) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbnmocooncmgfkddgbjdcfmbbbcfcdj [2023-08-29]
CHR Extension: (McAfee® Web Boost) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekeajafkkpokaofllcadenjdckhinm [2022-03-04]
CHR Extension: (BrickSeek Addon) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhibjphanbplgaajbfnbppcfmaegojgh [2022-05-25]
CHR Extension: (Loom – Screen Recorder & Screen Capture) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2023-09-11]
CHR Extension: (AMZScout Stock Stats - Amazon Stock Level Spy) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\liobflkelkokkacdemhmgkbpefgaekkm [2023-06-23]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-22]
CHR Extension: (Norton Safe) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2023-08-09]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2023-09-08]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2023-09-11]
CHR Extension: (TWF Buy Box Scope BETA 1.1) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nleehhpkbdfkfijnboebfaijhjabfjeb [2020-04-21]
CHR Extension: (RevROI) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidcdbnmhggenoknphfaanmphbbfkid [2022-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Redirector) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgpenflpmgnfapjedencafcfakcekcd [2021-11-07]
CHR Extension: (Context Menu Search) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2019-10-12]
CHR Extension: (DNArboretum) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekcehcnbnfmeimggmkfliochkojkaej [2018-12-01]
CHR Extension: (PDF Viewer) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2023-07-12]
CHR Extension: (Amazon Review Request Tool ASINsell) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiediicooidhmkfmapgmkmjcglngggaa [2023-06-14]
CHR Extension: (Asin Gadget) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\okchldnojljcfhjhjmeibjpflepmnkaf [2023-05-24]
CHR Extension: (CouponCabin Sidekick - Coupons & Cash Back) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcihjlbjjghnbohanlafcldoddloecfo [2022-12-14]
CHR Extension: (Amazon Quick View by AMZScout) - C:\Users\cofun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggamokfileohlopdonjmelbbghhnlah [2023-08-29]
CHR Extension: (Price Hack) - C:\Users\cofun\Downloads\price-hack-0.9.15 [2020-06-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKU\S-1-5-21-4201938413-1014792726-983612931-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-4201938413-1014792726-983612931-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
 
Brave: 
=======
BRA Profile: C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-09-11]
BRA Extension: (IP Alert) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dcmindjgpiimpmkgmabhkflfaiimioea [2023-09-07]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-07]
BRA Extension: (RevSeller) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gobliffocflfaekfcaccndlffkhcafhb [2023-09-07]
BRA Extension: (SellerAmp SAS - Amazon FBA Analysis Tool) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kidmffepbniamfbibhfgdakkggchipjl [2023-04-20]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-09-07]
BRA Extension: (Keepa - Amazon Price Tracker) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2023-09-07]
BRA Extension: (RevROI) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nmidcdbnmhggenoknphfaanmphbbfkid [2023-01-16]
BRA Extension: (Brave Ad Block Updater (Exception-exceptions (plaintext))) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2023-09-07]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-09-07]
BRA Extension: (Brave NTP background images) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-09-07]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications List (plaintext))) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-05-13]
BRA Extension: (Wallet Data Files Updater) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-09-07]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-11-21]
BRA Extension: (Brave NTP sponsored images) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2023-09-07]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-09-07]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-09-07]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-09-13]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-09-07]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\cofun\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-09-07]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174976 2022-09-13] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174976 2022-09-13] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\brave_vpn_helper.exe [3171864 2023-09-05] (Brave Software, Inc. -> Brave Software, Inc.)
S4 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [2183192 2023-09-05] (Brave Software, Inc. -> Brave Software, Inc.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-07-25] (Brother Industries, Ltd.) [File not signed]
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1074080 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-09-05] (Dropbox, Inc -> Dropbox, Inc.)
S4 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [329920 2023-05-16] (Dell Inc -> Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-06-07] (Dell Inc -> Dell INC.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{E243BED6-8DAD-4E63-8EFB-108AC67F724C} [21312 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
S4 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-07-28] (Dell Inc -> )
S4 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43272 2023-07-03] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [212744 2023-07-03] (Intel Corporation -> Intel)
S4 DYMOConnectPnPService; C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe [26112 2022-02-24] (Sanford, L.P.) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [152576 2023-09-11] (SurfRight B.V. -> SurfRight B.V.)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [64376 2022-03-29] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2423160 2022-03-29] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2883448 2022-03-29] (Intel Corporation -> Intel)
R3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [64376 2022-03-29] (Intel Corporation -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287960 2023-09-11] (Malwarebytes Inc. -> Malwarebytes)
R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.9.253.1\mc-fw-host.exe [2304928 2023-06-02] (McAfee, LLC -> McAfee, LLC)
S3 mc-wps-update; C:\Program Files\McAfee\WPS\1.9.253.1\mc-update.exe [5071576 2023-06-02] (McAfee, LLC -> McAfee, LLC)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-07] (McAfee, LLC -> McAfee, LLC)
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77336 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
S4 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Rivet Networks, LLC.)
S4 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Rivet Networks, LLC.)
S4 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]
S4 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-09-14] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-09-14] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [17900856 2023-08-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S4 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2022-05-24] (Microsoft) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [19968 2022-05-24] (Microsoft) [File not signed]
S4 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_abce57a4fb2f73fe\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_abce57a4fb2f73fe\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [172264 2022-03-29] (Intel Corporation -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2023-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2023-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2023-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-09-11] (Malwarebytes Inc. -> Malwarebytes)
S0 mfeelam; C:\WINDOWS\System32\DRIVERS\mfeelam.sys [18400 2023-06-02] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\WINDOWS\System32\DRIVERS\mfesec.sys [82144 2023-06-02] (McAfee, LLC -> McAfee, LLC)
S3 optousb; C:\WINDOWS\system32\DRIVERS\optousb.sys [27264 2010-03-24] (Microsoft Windows Hardware Compatibility Publisher -> OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\WINDOWS\system32\DRIVERS\optovcm.sys [34304 2010-03-24] (Microsoft Windows Hardware Compatibility Publisher -> OPTO ELECTRONICS CO.,LTD.)
R3 ScrHIDDriver3; C:\WINDOWS\System32\drivers\ScrHIDDriver3.sys [63296 2021-10-01] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
S3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-28] (Intel Corporation -> Rivet Networks, LLC.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2023-06-02] (McAfee, LLC -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2023-02-06] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-11 10:47 - 2023-09-11 10:48 - 000060842 _____ C:\Users\cofun\Downloads\FRST.txt
2023-09-11 10:46 - 2023-09-11 10:48 - 000000000 ____D C:\FRST
2023-09-11 10:42 - 2023-09-11 10:46 - 002382848 _____ (Farbar) C:\Users\cofun\Downloads\FRST64.exe
2023-09-11 10:26 - 2023-09-11 10:26 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-09-11 10:26 - 2023-09-11 10:26 - 000000000 ____D C:\Users\cofun\AppData\LocalLow\IGDump
2023-09-11 10:16 - 2023-09-11 10:16 - 000002002 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2023-09-11 10:16 - 2023-09-11 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2023-09-11 10:16 - 2023-09-11 10:16 - 000000000 ____D C:\Program Files\HitmanPro
2023-09-11 10:14 - 2023-09-11 10:15 - 000000000 ____D C:\ProgramData\HitmanPro
2023-09-11 10:12 - 2023-09-11 10:14 - 014248944 _____ (SurfRight B.V.) C:\Users\cofun\Downloads\HitmanPro_x64.exe
2023-09-11 10:09 - 2023-09-11 10:26 - 000000000 ____D C:\Users\cofun\AppData\Local\Malwarebytes
2023-09-11 10:09 - 2023-09-11 10:09 - 000002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-09-11 10:09 - 2023-09-11 10:09 - 000002069 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-09-11 10:09 - 2023-09-11 10:09 - 000000000 ____D C:\Users\cofun\AppData\Local\mbam
2023-09-11 10:08 - 2023-09-11 10:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-09-11 10:08 - 2023-09-11 10:08 - 000000000 ____D C:\Program Files\Malwarebytes
2023-09-11 10:07 - 2023-09-11 10:07 - 002606880 _____ (Malwarebytes) C:\Users\cofun\Downloads\MBSetup-076886.076886-consumer.exe
2023-09-11 09:51 - 2023-09-11 09:51 - 000002072 _____ C:\Users\cofun\Downloads\Rkill - sept 9 run.txt
2023-09-11 09:37 - 2023-09-11 09:49 - 000002072 _____ C:\Users\cofun\Desktop\Rkill.txt
2023-09-11 09:37 - 2023-09-11 09:37 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\cofun\Downloads\rkill.exe
2023-09-11 08:39 - 2023-09-11 08:39 - 000001427 _____ C:\Users\Public\Desktop\Skype.lnk
2023-09-11 08:15 - 2023-09-11 08:15 - 000001219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung DeX.lnk
2023-09-11 07:16 - 2023-09-11 07:16 - 000003340 _____ C:\WINDOWS\system32\Tasks\McAfee Sustainability
2023-09-10 09:23 - 2023-09-11 08:42 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-09-08 16:59 - 2023-09-08 17:00 - 000097739 _____ C:\Users\cofun\Downloads\Keepa expanded - grocery - 40 to 59 sales drop.xlsx
2023-09-08 16:52 - 2023-09-08 17:01 - 000020396 _____ C:\Users\cofun\Downloads\Keepa - Grocery - 40 to 59 sales drop.xlsx
2023-09-08 14:03 - 2023-09-08 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-09-07 15:22 - 2023-09-11 08:36 - 000000000 ____D C:\WINDOWS\Minidump
2023-09-07 15:21 - 2023-09-11 10:25 - 000008192 ___SH C:\DumpStack.log.tmp
2023-09-07 12:36 - 2023-09-07 12:36 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4201938413-1014792726-983612931-1001
2023-09-07 12:36 - 2023-09-07 12:36 - 000002425 _____ C:\Users\cofun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-05 16:17 - 2023-09-05 16:17 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2023-09-02 10:08 - 2023-09-02 10:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2023-09-02 10:06 - 2023-09-02 10:06 - 043097408 _____ (Samsung Electronics) C:\Users\cofun\Downloads\Smart.Switch.PC_setup.exe
2023-08-30 09:20 - 2023-08-30 09:20 - 001108553 _____ C:\Users\cofun\Documents\nassau candy FOB form signed.pdf
2023-08-30 09:18 - 2023-08-30 09:18 - 001662679 _____ C:\Users\cofun\Documents\nassau-candy-faq-page 2 signed.pdf
2023-08-30 08:58 - 2023-08-30 08:58 - 003545804 _____ C:\Users\cofun\Downloads\Nassau Candy Order Form - Initial.xlsx
2023-08-30 08:58 - 2023-08-30 08:58 - 000000165 ____H C:\Users\cofun\Downloads\~$Nassau Candy Order Form - Initial.xlsx
2023-08-30 08:53 - 2023-08-30 08:53 - 002751453 _____ C:\Users\cofun\Downloads\Nassau Candy Price List 08.17.23 - master.xlsx
2023-08-30 08:53 - 2023-08-30 08:53 - 002751445 _____ C:\Users\cofun\Downloads\Nassau Candy Price List 08.17.23.xlsx
2023-08-30 08:48 - 2023-08-30 08:48 - 003231803 _____ C:\Users\cofun\Downloads\Nassau Candy Order Form (2).xlsx
2023-08-30 08:45 - 2023-08-30 08:45 - 002476654 _____ C:\Users\cofun\Downloads\Nassau Candy Price List 08.17.23 (1).xlsx
2023-08-30 08:38 - 2023-08-30 08:38 - 000113560 _____ C:\Users\cofun\Documents\OSLC July Paycheck.pdf
2023-08-30 08:07 - 2023-09-07 15:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-29 08:52 - 2023-08-29 08:52 - 001361994 _____ C:\Users\cofun\Documents\Colorado Resale Tax License 2022-2023.pdf
2023-08-29 08:42 - 2023-08-29 08:42 - 002124064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-28 11:41 - 2023-08-28 11:41 - 000619081 _____ C:\Users\cofun\Documents\amazon page changes - Aug 28 2023.pdf
2023-08-23 10:29 - 2023-08-23 10:29 - 000132982 _____ C:\Users\cofun\Downloads\OSLC Weld County 2023.pdf
2023-08-22 16:13 - 2023-08-22 16:13 - 000003834 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2023-08-22 16:01 - 2023-08-22 16:01 - 000000000 ____D C:\Users\cofun\AppData\Local\DropboxUpdate
2023-08-22 11:09 - 2023-08-22 11:09 - 000002115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-22 11:09 - 2023-08-22 11:09 - 000002103 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-21 12:05 - 2023-08-21 12:05 - 000000863 _____ C:\Users\cofun\Desktop\Dropbox.lnk
2023-08-21 11:22 - 2023-09-11 10:19 - 000003030 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2023-08-21 11:22 - 2023-09-11 10:19 - 000002664 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2023-08-21 11:22 - 2023-08-21 11:22 - 000003670 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2023-08-21 11:22 - 2023-06-28 15:27 - 000047240 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2023-08-21 11:20 - 2023-08-21 11:20 - 000002429 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2023-08-18 09:34 - 2023-08-22 16:08 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-08-18 09:34 - 2023-08-18 09:34 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-08-18 09:34 - 2023-08-18 09:34 - 000003474 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-11 10:40 - 2018-12-01 16:06 - 000000000 ____D C:\Users\cofun\AppData\Local\D3DSCache
2023-09-11 10:36 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-11 10:33 - 2022-10-30 18:55 - 000846482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-09-11 10:33 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2023-09-11 10:30 - 2022-09-07 21:13 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-09-11 10:30 - 2018-12-01 15:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-11 10:28 - 2018-11-06 16:50 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-11 10:26 - 2022-10-30 18:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-09-11 10:26 - 2022-03-31 11:45 - 000000000 ____D C:\Program Files\CCleaner
2023-09-11 10:26 - 2020-05-31 15:14 - 000000000 ___RD C:\Users\cofun\iCloudDrive
2023-09-11 10:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-09-11 10:26 - 2018-12-01 15:44 - 000000000 __SHD C:\Users\cofun\IntelGraphicsProfiles
2023-09-11 10:26 - 2018-11-06 16:48 - 000000000 ____D C:\Intel
2023-09-11 10:25 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-09-11 10:20 - 2022-04-22 22:21 - 000000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4201938413-1014792726-983612931-1001.job
2023-09-11 10:20 - 2022-04-22 22:21 - 000000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4201938413-1014792726-983612931-1001.job
2023-09-11 10:20 - 2018-12-24 16:40 - 000000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-09-11 10:20 - 2018-12-24 16:40 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-09-11 10:19 - 2023-04-20 12:20 - 000003362 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2023-09-11 10:19 - 2022-10-30 18:53 - 000003554 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{02C05586-C56C-4FBB-9901-0DD73EADF305}
2023-09-11 10:19 - 2022-10-30 18:53 - 000003500 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2023-09-11 10:19 - 2022-10-30 18:53 - 000003330 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{08F7AA29-1E91-4130-961A-6001478BB033}
2023-09-11 10:19 - 2022-10-30 18:53 - 000003276 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2023-09-11 10:19 - 2020-04-25 15:20 - 000000000 ____D C:\Users\cofun\AppData\Roaming\Loom
2023-09-11 10:19 - 2020-04-25 15:08 - 000000000 ____D C:\Users\cofun\AppData\Roaming\Microsoft\Skype for Desktop
2023-09-11 10:09 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-09-11 10:09 - 2019-01-17 16:10 - 000000000 ____D C:\Users\cofun\AppData\Roaming\Microsoft\MMC
2023-09-11 09:59 - 2021-06-13 15:59 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2023-09-11 08:42 - 2022-10-30 18:53 - 000003314 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-4201938413-1014792726-983612931-1001
2023-09-11 08:42 - 2022-10-30 18:53 - 000003218 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-4201938413-1014792726-983612931-1001
2023-09-11 08:42 - 2022-10-30 18:53 - 000003212 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-11 08:42 - 2022-10-30 18:53 - 000003044 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-11 08:42 - 2022-10-30 18:53 - 000002804 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-11 08:42 - 2022-10-30 18:53 - 000002748 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP ENVY 5530 series
2023-09-11 08:40 - 2020-05-04 10:06 - 000000000 ____D C:\Users\cofun\AppData\Local\Bluestacks
2023-09-11 08:39 - 2020-04-25 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2023-09-11 08:39 - 2019-04-14 07:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-09-11 08:37 - 2023-03-18 12:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2023-09-11 08:37 - 2022-08-26 20:00 - 000000000 ____D C:\ProgramData\TechSmith
2023-09-11 08:37 - 2022-08-26 20:00 - 000000000 ____D C:\Program Files\TechSmith
2023-09-11 08:37 - 2020-05-04 10:06 - 000000000 ____D C:\Users\Public\BlueStacks
2023-09-11 08:36 - 2023-04-20 12:33 - 000002318 _____ C:\WINDOWS\system32\Tasks\SmartByte Telemetry
2023-09-11 08:36 - 2022-02-09 13:07 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-11 08:36 - 2019-04-12 15:16 - 000000000 ____D C:\Program Files (x86)\Steam
2023-09-11 08:36 - 2018-12-06 16:04 - 005776501 _____ C:\Users\cofun\Documents\Tom's Checking - Oct 23 2018 to.xlsx
2023-09-11 08:36 - 2018-12-01 15:48 - 000000000 ____D C:\Users\cofun\AppData\Local\CrashDumps
2023-09-11 08:36 - 2018-11-06 16:45 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-11 08:33 - 2021-06-13 15:38 - 000008051 _____ C:\WINDOWS\BRRBCOM.INI
2023-09-11 08:32 - 2018-12-06 16:05 - 000000000 ____D C:\Users\cofun\AppData\Roaming\Microsoft\Excel
2023-09-11 08:15 - 2019-08-22 18:48 - 000000000 ____D C:\Program Files (x86)\Samsung
2023-09-11 08:14 - 2020-06-23 08:52 - 000000000 ____D C:\WINDOWS\system32\Samsung
2023-09-11 08:13 - 2018-12-24 16:40 - 000000000 ____D C:\Users\cofun\AppData\Roaming\Dropbox
2023-09-11 08:13 - 2018-12-24 16:40 - 000000000 ____D C:\Users\cofun\AppData\Local\Dropbox
2023-09-11 08:12 - 2018-12-01 15:49 - 000000000 ____D C:\Users\cofun\AppData\Roaming\Toolkit
2023-09-11 07:16 - 2023-05-30 10:46 - 000064300 _____ C:\Users\cofun\Downloads\KeepaExport-2023-05-30-Grocery ASINs.xlsx
2023-09-11 07:16 - 2022-10-30 18:53 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{24526681-807F-4A54-A856-6FC0758F0CDA}
2023-09-11 07:13 - 2022-10-30 18:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-09-08 14:14 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-08 14:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-09-08 14:05 - 2020-02-10 15:37 - 000000000 ____D C:\Users\cofun\AppData\Roaming\il-print
2023-09-08 14:05 - 2019-12-07 03:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-09-08 14:03 - 2018-12-24 16:40 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-09-08 14:00 - 2020-06-15 08:15 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-08 14:00 - 2018-12-01 15:47 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-08 14:00 - 2018-12-01 15:47 - 000002300 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-07 15:24 - 2022-10-30 18:26 - 000000000 ____D C:\Users\cofun
2023-09-07 15:22 - 2018-12-01 15:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-07 12:36 - 2022-10-30 18:53 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4201938413-1014792726-983612931-1001
2023-09-07 08:21 - 2022-09-13 21:27 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-09-07 08:21 - 2022-09-13 21:27 - 000002373 _____ C:\Users\Public\Desktop\Brave.lnk
2023-09-07 08:19 - 2021-09-08 12:41 - 000002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-09-07 08:19 - 2021-09-08 12:41 - 000002056 _____ C:\Users\Default\Desktop\Google Slides.lnk
2023-09-07 08:19 - 2021-09-08 12:41 - 000002056 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2023-09-07 08:19 - 2021-09-08 12:41 - 000002044 _____ C:\Users\Default\Desktop\Google Docs.lnk
2023-09-02 10:07 - 2019-08-22 18:49 - 000002246 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2023-08-30 13:08 - 2018-12-01 15:51 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-30 09:32 - 2020-09-20 18:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-08-29 08:40 - 2018-12-06 16:05 - 000000000 ____D C:\Users\cofun\AppData\Roaming\Microsoft\Office
2023-08-29 08:31 - 2018-12-17 13:10 - 000000000 ____D C:\Users\cofun\AppData\Roaming\Microsoft\Word
2023-08-25 08:20 - 2019-09-17 09:17 - 000000000 ____D C:\Program Files\HP
2023-08-25 08:20 - 2018-12-01 15:44 - 000000000 ____D C:\Users\cofun\AppData\Local\Packages
2023-08-25 08:19 - 2019-09-17 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2023-08-25 08:19 - 2019-06-25 20:47 - 000000000 ____D C:\ProgramData\HP
2023-08-25 08:19 - 2019-06-25 20:47 - 000000000 ____D C:\Program Files (x86)\HP
2023-08-25 07:42 - 2018-12-01 15:46 - 000000000 ___RD C:\Users\cofun\OneDrive
2023-08-23 11:59 - 2022-10-30 18:01 - 000000000 ___DC C:\WINDOWS\Panther
2023-08-23 11:59 - 2019-04-14 07:16 - 000000000 ____D C:\Users\cofun\AppData\Roaming\TeamViewer
2023-08-23 11:56 - 2018-11-06 16:46 - 000000000 ____D C:\ProgramData\Dell
2023-08-23 11:52 - 2018-11-06 16:44 - 000000000 ____D C:\Program Files (x86)\Intel
2023-08-22 16:18 - 2023-01-20 16:14 - 000040929 _____ C:\Users\cofun\Desktop\2023 Amazon FBA.xlsx
2023-08-22 16:11 - 2020-05-21 11:35 - 000000000 ____D C:\Users\cofun\AppData\Local\ZoomInfoCEUtility
2023-08-22 13:43 - 2020-06-17 11:27 - 000000000 ____D C:\Users\cofun\AppData\Local\Apps\2.0
2023-08-21 18:05 - 2019-09-24 13:32 - 000000000 ____D C:\Users\cofun\AppData\Local\GoToMeeting
2023-08-18 09:37 - 2018-11-06 17:03 - 000000000 ____D C:\Program Files (x86)\Dell
2023-08-18 09:36 - 2018-11-06 16:45 - 000000000 ____D C:\Program Files\Dell
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
-------------------------------Addition log file -----------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2023
Ran by cofun (11-09-2023 10:48:52)
Running from C:\Users\cofun\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3324 (X64) (2022-10-31 00:54:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-4201938413-1014792726-983612931-500 - Administrator - Disabled)
cofun (S-1-5-21-4201938413-1014792726-983612931-1001 - Administrator - Enabled) => C:\Users\cofun
DefaultAccount (S-1-5-21-4201938413-1014792726-983612931-503 - Limited - Disabled)
Guest (S-1-5-21-4201938413-1014792726-983612931-501 - Limited - Disabled)
sales (S-1-5-21-4201938413-1014792726-983612931-1005 - Administrator - Enabled)
tvilf (S-1-5-21-4201938413-1014792726-983612931-1012 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-4201938413-1014792726-983612931-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: McAfee® (Enabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Online (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security Online (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: McAfee® (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}
FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerPrint 2.0.11 (HKLM\...\AccelerPrint) (Version: 2.0.11 - AccelerList Inc)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.003.20284 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AL Print 2.1.1 (HKLM\...\AL Print) (Version: 2.1.1 - AccelerList)
Amazon Corretto (HKLM\...\{8046E13D-F4AA-4269-BA09-73C6DAE5DC4E}) (Version: 1.8.0.192 - Amazon)
Ancestry World Archives Project - Keying Tool (HKLM\...\{F81A017C-8633-42DE-B2DA-E7CD5D5403EE}) (Version: 2.0.1.45 - Ancestry.com)
AndreaMosaic Professional version 3.50.1 (HKLM-x32\...\Unyma AndreaMosaic Professional_is1) (Version: 3.50.1 - Unyma)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 116.1.57.62 - Brave Software Inc)
BrLauncher (HKLM-x32\...\{88FCD471-DBBF-4A75-8066-ACACE05DE3CF}) (Version: 2.0.14.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{06e7b8fa-f412-4f47-a8d7-74d4a780099e}) (Version: 10.3.1.1 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{79F6CD87-9761-414F-87C4-79767318CBFA}) (Version: 10.3.1.1 - Brother Industries, Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{79262B43-9E15-4732-A034-BFD29D9BD077}) (Version: 1.4.1.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{DB807453-2A2E-4FFE-9D85-253F41EAF321}) (Version: 7.1.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{C48F05FB-1568-42F5-BE89-526A26994C6C}) (Version: 1.0.37.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{C0439A0D-8A66-4BD0-A3E0-85C8E2920762}) (Version: 1.0.26.0 - Brother Industries Ltd.) Hidden
Capital One Services LLC (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\3534bb15e6ce3311e99f666bb660e05e) (Version: 1.0 - Google\Chrome)
CCleaner (HKLM\...\CCleaner) (Version: 6.15 - Piriform)
Charting Companion (HKLM-x32\...\{690CAAF7-04E7-475D-99E4-FC3EF2285419}) (Version: 7.0.28 - Progeny Genealogy Inc.) Hidden
Charting Companion (HKLM-x32\...\{fb7fc1ab-81a3-44fa-bf8e-13dc87fe3f79}) (Version: 7.0.28 - Progeny Genealogy Inc.)
ControlCenter4 (HKLM-x32\...\{9CE6D4F3-965F-4FA7-8431-4A4FDC7A01D9}) (Version: 4.6.23.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Dell Digital Delivery Service (HKLM-x32\...\{66E2407E-9001-483E-B2AA-7AEF97567143}) (Version: 3.6.1005.0 - Dell Products, LP)
Dell Mobile Connect Driver (HKLM\...\{6F9CB82D-BC34-4FC1-B90D-AFFAC5C85E7B}) (Version: 4.1.7498 - Screenovate Technologies Ltd.)
Dell Power Manager Service (HKLM\...\{A8DFE386-5055-48F6-95C9-8DF312812625}) (Version: 3.15.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E2DCC087-13A9-4BF3-AA0E-B42645D87C8E}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3671ea45-970e-4390-8c93-a3c5ba77107b}) (Version: 5.5.7.18773 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{20E7100A-BADE-4287-8AAD-B498A1E51C13}) (Version: 5.0.0 - Dell Inc.)
DeviceDetect (HKLM-x32\...\{5FE4CE95-1B55-4632-A3F1-851B07936498}) (Version: 1.4.10.0 - Brother Industries Ltd.) Hidden
Discord (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Discord) (Version: 1.0.9007 - Discord Inc.)
DNAGedcom (HKLM-x32\...\{699772E2-9B8B-495F-BB76-177E45176337}) (Version: 3.0.3.3 - DNAGedcom)
Documentation Manager (HKLM\...\{5C67CECE-B908-4BCF-B585-8C170B817C1D}) (Version: 22.240.0.6 - Intel Corporation) Hidden
Double Match Triangulator Version 2.9.5, 8 Jan 2019 (HKLM-x32\...\Double Match Triangulator (DMT)_is1) (Version: 2.9.5 - Louis Kessler (Behold Genealogy))
Dropbox (HKLM-x32\...\Dropbox) (Version: 182.4.6427 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.761.1 - Dropbox, Inc.) Hidden
DYMO Connect (HKLM-x32\...\{FF7123C2-7770-4E7C-8E61-CB73689FA2EA}) (Version: 1.4.3.131 - DYMO)
Dynamic Application Loader Host Interface Service (HKLM\...\{9DE7A0A5-C13D-4FDD-B78B-53C744C82F1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.2.1540 - Software MacKiev)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.180 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 80.0.1.0 - Google LLC)
GoTo Opener (HKLM-x32\...\{27288E10-7B6A-4EAD-BF7D-C40F86C3C751}) (Version: 1.0.527 - LogMeIn, Inc.)
GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.30.326 - SurfRight B.V.)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HttpToUsbBridge (HKLM-x32\...\{6FF1DBC1-A313-460D-B1F2-6444D2F01DEE}) (Version: 2.0.18.1 - Brother Industries Ltd.)
iCloud Outlook (HKLM\...\{696A65CA-2720-4D0D-A255-78123E9AC856}) (Version: 11.2.0.18 - Apple Inc.)
IL Print 1.4.0 (HKLM\...\IL Print) (Version: 1.4.0 - InventoryLab, Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{0F7F6F7B-684E-435A-9FCE-C8A1F71EDA14}) (Version: 23.3.25.6 - Intel) Hidden
Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{0D8810A6-1D38-4885-9690-948CD0B7CA6F}) (Version: 2.4.10577 - Intel Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10501.6067 - Intel Corporation)
Intel® Graphics Driver Software (HKLM-x32\...\{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{56b89a97-2659-4931-bffa-4b136a521eb1}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{d0e4f33b-f383-4c75-8d81-ec92db2939eb}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{f07e8107-88e2-4459-865e-665afe7dda07}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Icls (HKLM\...\{AE33809B-734E-4A79-BBDC-0DDE03950065}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® LMS (HKLM\...\{4479B4B8-D77B-474A-ABC5-1E5A4356F7DE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel® Management Engine Driver (HKLM\...\{F0A3D842-E346-45C5-9546-90FEFD477F6E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{06534C2E-CDD8-440B-A370-13E2E1C45FDC}) (Version: 30.100.2020.7 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000240-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.240.0.2 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{0ddcdf18-17cd-44ad-af4e-ba6821421c30}) (Version: 23.3.25.6 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7f55d00c-cc02-4c82-b569-466f4d954c48}) (Version: 20.120.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{8149291F-52C1-41CE-8F33-58A27E26547F}) (Version: 20.120.1.2939 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{318c42c7-b0bf-4429-b733-753440cb751f}) (Version: 22.240.0.6 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{6432ACCA-189C-45F7-8400-0F1ED42EB920}) (Version: 3.1122.3160 - Rivet Networks)
Killer Wireless Driver UWD (HKLM\...\{741E0807-E8D1-4177-82D6-7CDB411A4088}) (Version: 2.2.1454 - Rivet Networks)
Killer Wireless Driver UWD (HKLM\...\{A14CD258-BA10-47C3-8A55-5F1300EBAE74}) (Version: 2.0.1170 - Rivet Networks)
Laplink PCmover Professional (HKLM-x32\...\{1a37ad17-bc4e-4fe9-bd44-16e460a157fe}) (Version: 11.3.1015.1802 - Laplink Software, Inc.)
Laplink PCmover Professional (HKLM-x32\...\{AF5E701B-C11E-4DF1-87A9-0EEE187EF1C8}) (Version: 11.3.1015.1802 - Laplink Software, Inc.) Hidden
Legacy 9.0 (HKLM-x32\...\Legacy 9.0) (Version: 9.0  - Millennia Corporation)
Loom 0.169.5 (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.169.5 - Loom, Inc.)
Magic The Gathering Online  (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\0f5c6e93bfc3614a) (Version: 3.4.115.4054 - Wizards of the Coast, LLC)
Malwarebytes version 4.6.2.281 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.2.281 - Malwarebytes)
McAfee (HKLM\...\McAfee.WPS) (Version: 1.9.253.1 - McAfee, LLC)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.21 (x64) (HKLM\...\{26FF35F7-ADBB-4C9F-97DA-79120DB80EC6}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.21 (x64) (HKLM\...\{D937EF87-F11D-4778-973C-B71E178F95D0}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.21 (x64) (HKLM\...\{8D2EC92E-5903-4B25-9406-182B8EFA834F}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.21 (x64) (HKLM-x32\...\{67ef3ebc-b55c-4df6-92df-944dd8c4249f}) (Version: 6.0.21.32713 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\OneDriveSetup.exe) (Version: 23.174.0820.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{F0C8928A-BF8F-4AAF-B8BF-9CE865DBC711}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{847625FA-89A7-4EE0-8494-68A49BF977D6}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 117.0 (x64 en-US)) (Version: 117.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
MTG Arena (HKLM\...\{46530058-EA0E-40C5-89AF-1084EA6E859B}) (Version: 0.1.3009 - Wizards of the Coast)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Nuance PaperPort 14 (HKLM-x32\...\{6CC9391F-D441-4D2E-9ECC-1F7084C733ED}) (Version: 14.5.0006 - Nuance Communications, Inc.)
NuPrice (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\NuPrice) (Version: 3.5.11 - Matthew Osborn)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Graphics Driver 496.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 496.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PC-FAXReceive (HKLM-x32\...\{65D8385F-F858-4748-A7C2-676D04C2893E}) (Version: 1.8.402.0 - Brother Industries, Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{90338D66-4493-4DC3-A8C7-EB6FD5282B02}) (Version: 3.7.12.1 - Brother Industries Ltd.) Hidden
PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.13.1223.2016 - Realtek)
RemoteSetup (HKLM-x32\...\{EB4D046E-28C1-4884-9129-47F41317E9B0}) (Version: 3.10.3.0 - Brother Industries Ltd.) Hidden
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Samsung DeX (HKLM-x32\...\{01CB0AC1-0B42-41CD-B569-A0485FEFE3CE}) (Version: 2.4.1.18 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{0ee140a4-adcc-4974-ad4c-210d225b488c}) (Version: 2.4.1.18 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.58.0 - Samsung Electronics Co., Ltd.)
ScannerUtilityInstaller (HKLM-x32\...\{D65C0754-7790-427F-AD73-D7C644260F57}) (Version: 1.19.9.1 - Brother) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{77A8B979-11B0-4774-8003-574EE8A4BC22}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{05916788-991E-417B-A8F3-77F90A2B8271}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{D4D48631-AC28-4250-B882-C956555B0B1D}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F3FAAB68-7697-4B1F-A23A-72312565AEAB}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{944EFCFD-823D-4C0A-9B01-CD76EEAEA1F3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Skype version 8.103 (HKLM-x32\...\Skype_is1) (Version: 8.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23081.1 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23081.1 - Samsung Electronics Co., Ltd.)
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Snagit 2022 (HKLM\...\{6C0D9D38-B735-4723-888C-7C9096379948}) (Version: 22.1.4 - TechSmith Corporation) Hidden
Snagit 2022 (HKLM-x32\...\{89f201f1-6ca8-4a8a-bb6d-fea5cf20ac7e}) (Version: 22.1.4.26383 - TechSmith Corporation)
Snagit 2023 (HKLM\...\{A4896E39-497E-4D3A-942D-28E2F320BBB6}) (Version: 23.0.3 - TechSmith Corporation) Hidden
Snagit 2023 (HKLM-x32\...\{5a3be9e9-abc8-409e-8e60-ce13c9b7295b}) (Version: 23.0.3.25088 - TechSmith Corporation)
SoftwareUpdateNotification (HKLM-x32\...\{E28A6F15-BFBE-4D20-8B5F-6EABAA1E545E}) (Version: 1.0.14.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{1F4C40FC-9C25-450C-9F77-0AE71CA0DB64}) (Version: 1.22.14.0 - Brother Industries, Ltd.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.45.3 - TeamViewer)
Thunderbolt™ Software (HKLM-x32\...\{30F0067F-DD79-431B-BA5F-6CB4897785A5}) (Version: 17.4.79.510 - Intel Corporation)
Toolkit (HKLM-x32\...\Toolkit) (Version: 1.33.0.50 - Seagate)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.834 - McAfee, LLC)
WhatsApp (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\WhatsApp) (Version: 0.4.315 - WhatsApp)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\ZoomUMX) (Version: 5.13.3 (11494) - Zoom Video Communications, Inc.)
ZoomInfo Contact Contributor (HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\ZoomInfo Contact Contributor) (Version: 61 - )
 
Packages:
=========
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.4.29.0_x64__ffd303wmbhcjt [2023-05-27] (BreeZip)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-10] (Microsoft Corporation)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-07-11] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.82.0_x64__htrsf667h5kn2 [2023-09-02] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2023-07-11] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.15.14.0_x64__htrsf667h5kn2 [2023-08-10] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2023-09-07] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.0.48.0_x86__htrsf667h5kn2 [2023-08-18] (Dell Inc)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa [2023-07-21] (Apple Inc.) [Startup Task]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5180.0_x64__8j3eq9eme6ctt [2023-08-18] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-11] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-14] (Apple Inc.) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.10.0_x64__w1wdnht996qgy [2023-08-25] (LinkedIn) [Startup Task]
McAfee® Security -> C:\Program Files\McAfee\WPS\1.9.253.1 [2023-06-02] ()
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-10-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-10-30] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.6.0_x64__htrsf667h5kn2 [2023-09-08] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-10] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-30] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-22] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0 [2023-09-02] (Spotify AB) [Startup Task]
TouchMail -> C:\Program Files\WindowsApps\daVincisGarageLLC.LarryBooBoo_10.2211.9.0_x64__526xyj0r2d3h2 [2023-07-11] (TouchMail Inc)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2023-07-11] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2023-04-20] (Waves Audio)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{62fea752-045e-95c0-525b-b17487673e6e1}\InprocServer32 -> 0xEDC4BC1F8704D701CE39BD1F8704D701010000000300000000000000 => No File
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cofun\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{D4A0D853-F864-416E-8BA9-C1D29325ACDC} -> [iCloud Drive] => C:\Users\cofun\iCloudDrive [2020-05-31 15:14]
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\cofun\Dropbox [2018-12-24 16:42]
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{f00dfd40-8892-a2fb-f1ee-dbad4ab9f83d1}\InprocServer32 -> 0x5831555555555557454C5145324B36564341554155555452393834574446303947573839 => No File
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-07] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-07] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-07] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-07] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-07] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.9.253.1\mc-ctxmnu.dll [2023-06-02] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2023\DLLx64\SnagitShellExt64.dll [2023-01-10] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-09-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-07] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2023\DLLx64\SnagitShellExt64.dll [2023-01-10] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-07] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-21] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_abce57a4fb2f73fe\nvshext.dll [2022-05-26] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-09-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.9.253.1\mc-ctxmnu.dll [2023-06-02] (McAfee, LLC -> McAfee, LLC)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\cofun\Desktop\Capital One Services LLC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hpdnapjjdfomhajdodcfamdnfopokmnb
ShortcutWithArgument: C:\Users\cofun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Capital One Services LLC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hpdnapjjdfomhajdodcfamdnfopokmnb
 
==================== Loaded Modules (Whitelisted) =============
 
2021-06-13 15:38 - 2018-11-12 11:25 - 000091648 _____ () [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2021-06-13 15:38 - 2018-03-15 17:54 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2023-01-10 11:09 - 2023-01-10 11:09 - 000185856 _____ (TechSmith Corporation) [File not signed] C:\Program Files\TechSmith\Snagit 2023\SnagItShellExtRes.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\cofun\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\cofun\Downloads\HitmanPro_x64.exe:MBAM.Zone.Identifier [135]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=dcte
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> DefaultScope {0AEC0748-8799-4A9C-995C-36202654768C} URL = 
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> {0AEC0748-8799-4A9C-995C-36202654768C} URL = 
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1122&geo=US&ver=22.19.9.63&locale=US_en&guid=5A0C022F-93D9-43AF-A1CC-213DC04E7B70&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-03-31 11:42 - 2023-06-14 16:35 - 000000743 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Amazon Corretto\jdk1.8.0_192\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\dotnet\
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cofun\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "AL Print.lnk"
HKLM\...\StartupApproved\StartupFolder: => "iPSNotifier.lnk"
HKLM\...\StartupApproved\Run: => "TechSmithSnagit"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "BrotherSoftwareUpdateNotification"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "DYMOWebApi"
HKLM\...\StartupApproved\Run32: => "DymoOfficeHelper"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "Toolkit"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "IL Print"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "ZoomInfo Contact Contributor"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "DYMOConnectLauncher"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "Samsung DeX"
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\StartupApproved\Run: => "electron.app.Loom"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{762FECEC-DE08-4802-ACE3-F9499043011B}] => (Allow) LPort=9495
FirewallRules: [{A4DEDE29-A10F-410D-8711-36F48E836ABC}] => (Allow) LPort=54955
FirewallRules: [{0677E5AB-9807-4F68-BE3B-93FDDF337927}] => (Allow) LPort=54950
FirewallRules: [{133EFB64-3CDC-4D37-AE48-B3857B818BD2}] => (Allow) LPort=8300
FirewallRules: [{618B5357-098B-4F66-A4BC-9A98DB363F1A}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{EF111DC1-C32C-477A-851C-62DD0D7D07B3}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{33183412-9E4D-4137-A1B9-149833CB8B05}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{E093616F-DDC8-41AD-8BA2-17692ABD3DF0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B2DF74CB-AEB4-4FFD-A738-D96AD9FF75A1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BAB34EAD-EF42-445E-95CF-85189A325BBB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C55501D7-3619-4759-8325-969BF9929CB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1F3BBAC0-4907-4137-982C-FD10E0315B4F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{521C3196-894B-4CC0-80B9-398120CE8976}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1B62A5F4-7944-47F6-8F1D-C18FE3BEF5E6}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrotherNetTool.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{7FF17388-E5C6-48E1-ABF0-C06B56E28E12}] => (Allow) C:\Program Files (x86)\Browny02\Brother\BrotherNetTool.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [UDP Query User{03BB2B90-1FBE-477C-95BD-B0F1FAF5E9F0}C:\users\cofun\appdata\local\nuprice\app-3.5.11\nuprice.exe] => (Allow) C:\users\cofun\appdata\local\nuprice\app-3.5.11\nuprice.exe (Matthew Osborn) [File not signed]
FirewallRules: [TCP Query User{D642CA10-0138-4ADC-AEF2-D219FF0E25E0}C:\users\cofun\appdata\local\nuprice\app-3.5.11\nuprice.exe] => (Allow) C:\users\cofun\appdata\local\nuprice\app-3.5.11\nuprice.exe (Matthew Osborn) [File not signed]
FirewallRules: [{33E5F3F8-851A-4F45-971F-09863F2E5C09}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{BC002D55-7A8D-40BD-A4B9-CE1396A2EEE1}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{EB992AFA-27A2-4949-8DA8-DC2E1A327AA6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14326.20348.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5C0A9FF8-0CF5-4914-ADCC-9EC93C379B0B}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{6D5A68FC-893B-4C0F-9BDD-3694ECB57FBE}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{E7B4F48F-2A21-4EB4-83DD-68EAC1EA9EAE}] => (Allow) LPort=54925
FirewallRules: [{1386F19B-FD4E-4469-9471-A14C043D39BD}] => (Allow) C:\Users\cofun\Downloads\Install\wlan_wiz\.\wlan_assistant\waw.exe () [File not signed]
FirewallRules: [UDP Query User{F48F2AAC-D481-42A6-9AB8-9B6C0A2C634E}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [TCP Query User{2EDD52BD-A923-45AD-A19B-AA9BDE5983A7}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [{3B585BFC-BD17-42B0-A005-5ACEB860E21E}] => (Allow) C:\Users\cofun\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AC1449E0-DEF2-47CB-9B2A-45624630515B}] => (Allow) C:\Users\cofun\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EAD6CF84-A4AB-4C32-9A33-DBD5BCBD7C12}] => (Allow) C:\Users\cofun\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{049777F6-A619-4D92-9CC7-640686A91E9A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{A4DC0F81-3C64-4A9C-8C8C-39EE4C456975}] => (Allow) C:\Users\cofun\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2C1AEBAC-5DDE-4D67-9D77-2C7A30F444EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{16BAFECF-D8B5-48CD-B96B-EAC0C8426E21}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DD30246F-350D-4634-847F-2DB79B012020}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B7177B14-BCA3-451C-8E31-E5B043DD4F7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B55BAB36-39C8-4204-91F2-8029571941D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B1D94547-511F-4A03-8772-96BB6A6601E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{86C59F04-8EE1-4E82-B23F-EB1BCE6FA722}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D626C715-A084-4CF3-805C-6C7B81982BFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3CEFDF30-8D39-48FF-814F-D4EDB568C7C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CBD4319B-A3A9-4D68-843F-7FAB81EF2839}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{647C8F1B-8967-4092-8391-25B429D1D3AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lord of the Rings - LCG\Lord of the Rings - LCG.exe () [File not signed]
FirewallRules: [{9C3E32C2-2EF9-4364-B7AA-2481EC94F3C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Lord of the Rings - LCG\Lord of the Rings - LCG.exe () [File not signed]
FirewallRules: [{DB8074D7-D24F-49DE-B20E-FA93B74427EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{326B6E55-7832-44AA-9CDA-27A590BF00E8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{6A2BDA42-4D56-4CB4-8FB6-2CCA5275C6D3}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{51CDF973-6579-40B6-AECA-95A9BE969A48}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [{AE0CD0ED-069B-415C-8211-4BB8AF59F890}] => (Allow) LPort=8485
FirewallRules: [{5B873F3D-5922-49C1-93FF-18CAAD739F16}] => (Allow) LPort=8485
FirewallRules: [{5F20D673-BFD2-4EF8-8E65-A7CD0FA52DF6}] => (Allow) C:\Program Files (x86)\Laplink PCmover\PCmoverHost.exe (Laplink Software Inc. -> Laplink Software, Inc.)
FirewallRules: [{D44EEA57-6A0F-45CF-A487-584363B38DFD}] => (Allow) C:\Program Files (x86)\Laplink PCmover\PCmoverHost64.exe (Laplink Software Inc. -> Laplink Software, Inc.)
FirewallRules: [{A3D8B8D1-94D7-4BD9-9CD9-ABC40AAF7CC4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{32D5BB66-6B6A-4655-8128-1B09E84B53CD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{5A233A78-48E6-4033-BE24-8EAA112E2550}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8BADE4A1-8E1A-4E21-9AF4-BCEE1B61F492}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{673EA500-7169-4625-8FA4-AA43C3773E3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8A717735-8C05-4B7A-8088-B7C120EE603A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{995A7718-AE84-4E20-BEFA-46577B8E8467}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{188A4317-907D-4FEB-9079-A3DB4F45E661}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{5E15C75E-BB53-440A-AABE-0807580CB67D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{5A125CFB-B418-4961-B81E-4F10A170951E}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{4B08E765-05F5-43B9-B5E7-4E37DB55F195}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{0637FC93-76E5-4AAE-9E36-9168A8A40E83}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{19D192AD-FB75-47DF-830B-F7A07DC33F9C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4342EB0F-7933-4759-9D94-CB130CC51B3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AA723FC7-1911-41C1-9CD1-CE61B0334E94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CD531761-1309-4EBF-A087-877AB76DF3DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{00C7DCAC-59D0-40D2-9EDE-834A47F2EC69}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{56BED8DA-A644-4658-9EA6-A1719BBBC40F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{600C0B60-4B98-4806-AAF6-0CA83DD86E20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A89D68D-D503-4C7A-9F93-6F521B24EBA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0B54505C-F453-4D9E-A4D1-96022B2099E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D10984FA-44E9-47A6-8318-81DA5AA0E614}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E8821D59-733D-493D-82E3-2774BF60FC4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BC1E2671-D617-4EC9-91DA-B7C2FC19F9E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6A348F88-129B-4C4F-A6F0-64A42D83D015}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B3E046A4-CC8C-45E0-815F-6B2E730B4258}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{93ED5EF6-24BA-475E-83F0-50248432155A}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{E4468693-F4F6-42CB-89F4-3B6F12B4C9BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7DA75229-AC88-4F71-AEF6-4B3FFC20FE42}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{79889498-AC53-4F22-A755-A96FEAB9AB28}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A1DEE0DD-99DB-40CE-8796-AC8BA3531815}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BCB01739-D18F-47E4-8019-1011F72FCB83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ED6F9F63-D559-4E79-8F43-98BBE62D84DB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{4EB4C1D2-E003-470C-AAE0-AB53DA15F30D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{BDA19547-C049-4C61-AD7E-69DFC8F738FD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B5DD1C28-30EC-4A20-A09C-FA10F9A73E14}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{41B20E12-7807-4B6D-AE42-BC3040723064}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{945DE574-BE39-4AD9-BA51-40FEED5AD7BB}] => (Allow) LPort=8300
FirewallRules: [{EC563B9B-4856-40E2-A36F-857283721E31}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C3F2EC38-C308-4E15-9D09-7A35F6DD8F71}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
11-09-2023 07:51:21 Scheduled Checkpoint
11-09-2023 08:44:36 Piriform Driver Updater - Update 4.45.0.0
11-09-2023 10:18:44 Checkpoint by HitmanPro
 
==================== Faulty Device Manager Devices ============
 
Name: Waves Audio Effects Component
Description: Waves Audio Effects Component
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/11/2023 10:30:08 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NEWTOMLAPTOP)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/11/2023 10:25:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (09/11/2023 10:25:17 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (09/11/2023 10:24:23 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NEWTOMLAPTOP)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/11/2023 08:44:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {844f5a94-fb1c-4c48-bec5-b9c8ab6b65d2}
 
Error: (09/11/2023 08:43:48 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Stop Broadcast Receiver Server
 
Error: (09/11/2023 08:43:48 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: A blocking operation was interrupted by a call to WSACancelBlockingCall
 
Error: (09/11/2023 08:43:48 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Stop Server
 
 
System errors:
=============
Error: (09/11/2023 10:25:08 AM) (Source: DCOM) (EventID: 10010) (User: NEWTOMLAPTOP)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (09/11/2023 10:19:08 AM) (Source: DCOM) (EventID: 10010) (User: NEWTOMLAPTOP)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (09/11/2023 08:10:57 AM) (Source: DCOM) (EventID: 10010) (User: NEWTOMLAPTOP)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (09/11/2023 07:13:14 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR5.
 
Error: (09/11/2023 12:13:22 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR5.
 
Error: (09/10/2023 09:13:16 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/10/2023 09:23:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/10/2023 09:21:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR5.
 
 
CodeIntegrity:
===============
Date: 2023-09-11 10:49:20
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.21.0 04/15/2022
Motherboard: Dell Inc. 0FDMYT
Processor: Intel® Core™ i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 16176.76 MB
Available physical RAM: 7294.65 MB
Total Virtual: 31024.76 MB
Available Virtual: 20370.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:461.38 GB) (Free:225.12 GB) (Model: PM981 NVMe Samsung 512GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:880.83 GB) (Model: ST1000LM035-1RK172) NTFS
 
\\?\Volume{52b5c9e1-6840-4292-a722-8af4281254c8}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.14 GB) NTFS
\\?\Volume{388c4e92-52ac-4e4c-8cd1-b26b31151074}\ (Image) (Fixed) (Total:12.73 GB) (Free:0.2 GB) NTFS
\\?\Volume{ed5cfc7f-05fb-4ec2-8354-bd9b0affdd28}\ (DELLSUPPORT) (Fixed) (Total:1.09 GB) (Free:0.25 GB) NTFS
\\?\Volume{b0afb504-320f-4e6a-ac85-2eec93ccf0fd}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==================== End of Addition.txt =======================
 

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 55,541 posts
  • Gender:Male
  • Location:California
  • Local time:06:23 PM

Posted 11 September 2023 - 01:40 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”

Where to Start


#3 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 55,541 posts
  • Gender:Male
  • Location:California
  • Local time:06:23 PM

Posted 11 September 2023 - 02:14 PM

Let's start with this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
  • When completed click View Scan Log File
  • Copy and paste the contents in your reply
  • Click Skip Basic Repair if it appears then close the program
===================================================

Deleting Chrome Notifications

--------------------
  • Launch Chrome
  • In the address bar type chrome://settings/content/notifications and hit Enter
  • Scroll down to Allowed to send notifications
  • For any entry you are not familiar with or do not want click on the 3 horizontal dots to the right and select Remove
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Norton Security Online (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security Online (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> DefaultScope {0AEC0748-8799-4A9C-995C-36202654768C} URL = 
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> {0AEC0748-8799-4A9C-995C-36202654768C} URL 
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1122&geo=US&ver=22.19.9.63&locale=US_en&guid=5A0C022F-93D9-43AF-A1CC-213DC04E7B70&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869
FirewallRules: [{618B5357-098B-4F66-A4BC-9A98DB363F1A}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{EF111DC1-C32C-477A-851C-62DD0D7D07B3}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{33183412-9E4D-4137-A1B9-149833CB8B05}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => C:\Users\cofun\Downloads\MTGAInstaller.exe
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [] => [X] 
S4 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\elevation_service.exe" [X] 
HKLM\...\Print\Monitors\HP B111 Status Monitor: hpinkstsB111LM.dll (No File) 
Task: {AD038E73-97A7-4C22-B781-24530923FEEA} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe  --taskscheduler (No File) 
Task: {88284482-8E40-4918-85AD-DF86BF9D9AC0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{62fea752-045e-95c0-525b-b17487673e6e1}\InprocServer32 -> 0xEDC4BC1F8704D701CE39BD1F8704D701010000000300000000000000 => No File 
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cofun\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File 
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{f00dfd40-8892-a2fb-f1ee-dbad4ab9f83d1}\InprocServer32 -> 0x5831555555555557454C5145324B36564341554155555452393834574446303947573839 => No File 
Toolbar: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File 
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
DeleteKey: HKEY_CURRENT_USER\Software\Google\Chrome
DeleteKey: HKEY_CURRENT_USER\Software\Policies\Google
DeleteKey: HKEY_LOCAL_MACHINE\Software\Google\Chrome
DeleteKey: HKEY_LOCAL_MACHINE\Software\Policies\Google
DeleteKey: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment
DeleteValue: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}|CloudManagementEnrollmentToken
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist
DeleteKey: HKEY_USERS\S-1-5-21-757262739-2975744681-2449658496-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
DeleteKey: HKEY_USERS\S-1-5-21-757262739-2975744681-2449658496-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist
C:\ProgramFiles (x86)\Google\Policies
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Chrome Notifications reviewed?
  • Fixlog
  • Update on computer/Chrome behavior

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”

Where to Start


#4 TomV22

TomV22
  • Topic Starter


Posted 11 September 2023 - 09:03 PM

okay - will try to remember to check every day

 

here is the adwcleaner log - found only pre-installed items - don't mind them being quarantined - can always reinstall them afterwards, if necessary.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-11-2023
# Duration: 00:00:04
# OS:       Windows 10 (Build 19045.3324)
# Cleaned:  30
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
Deleted       Honey - jid1-93CWPmRbVPjRQA@jetpack
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files (x86)\Common Files\DELL\COMMANDPOWERMANAGER
Deleted       Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files\DELL\COMMANDPOWERMANAGER
Deleted       Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SUPPORTASSIST
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Users\cofun\Documents\DELL\SUPPORTASSIST
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F491C17-68F8-438B-9CA6-5EF8DD733A81} 
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F491C17-68F8-438B-9CA6-5EF8DD733A81} 
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted       Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Deleted       Preinstalled.SamsungSmartSwitch   File   C:\Users\Public\Desktop\Smart Switch.lnk
Deleted       Preinstalled.SamsungSmartSwitch   File   C:\Users\cofun\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
Deleted       Preinstalled.SamsungSmartSwitch   Folder   C:\Program Files (x86)\SAMSUNG\SMART SWITCH PC
Deleted       Preinstalled.SamsungSmartSwitch   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Deleted       Preinstalled.SamsungSmartSwitch   Folder   C:\Users\cofun\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Deleted       Preinstalled.SamsungSmartSwitch   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
Deleted       Preinstalled.SamsungSmartSwitch   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
Deleted       Preinstalled.SmartByte   Folder   C:\Program Files\RIVET NETWORKS
Deleted       Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33C8BD52-B821-4EC9-8654-24940767648C} 
Deleted       Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Deleted       Preinstalled.SmartByte   Task   C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [4576 octets] - [11/09/2023 19:58:16]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
 

 

 



#5 TomV22

TomV22
  • Topic Starter


Posted 11 September 2023 - 09:11 PM

I loaded up FRST64 and did the highlight of the items above and did a Ctrl+C, but the Fix button never enabled.  Should I copy it to the search?

NEVER MIND - the Fix button looked Greyed out when it was just a darker color.  So did get the FRST64 to run the fix.  Log is below....

 

 

Did the Chrome and deleted various entries that looked suspicious or I didn't know.

 

 

FRST fix log follows :

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-09-2023
Ran by cofun (11-09-2023 20:12:30) Run:1
Running from C:\Users\cofun\Downloads
Loaded Profiles: cofun
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Norton Security Online (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security Online (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> DefaultScope {0AEC0748-8799-4A9C-995C-36202654768C} URL = 
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> {0AEC0748-8799-4A9C-995C-36202654768C} URL 
SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1122&geo=US&ver=22.19.9.63&locale=US_en&guid=5A0C022F-93D9-43AF-A1CC-213DC04E7B70&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869
FirewallRules: [{618B5357-098B-4F66-A4BC-9A98DB363F1A}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{EF111DC1-C32C-477A-851C-62DD0D7D07B3}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{33183412-9E4D-4137-A1B9-149833CB8B05}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => C:\Users\cofun\Downloads\MTGAInstaller.exe
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [] => [X] 
S4 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\elevation_service.exe" [X] 
HKLM\...\Print\Monitors\HP B111 Status Monitor: hpinkstsB111LM.dll (No File) 
Task: {AD038E73-97A7-4C22-B781-24530923FEEA} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe  --taskscheduler (No File) 
Task: {88284482-8E40-4918-85AD-DF86BF9D9AC0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File) 
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{62fea752-045e-95c0-525b-b17487673e6e1}\InprocServer32 -> 0xEDC4BC1F8704D701CE39BD1F8704D701010000000300000000000000 => No File 
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cofun\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File 
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{f00dfd40-8892-a2fb-f1ee-dbad4ab9f83d1}\InprocServer32 -> 0x5831555555555557454C5145324B36564341554155555452393834574446303947573839 => No File 
Toolbar: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File 
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
DeleteKey: HKEY_CURRENT_USER\Software\Google\Chrome
DeleteKey: HKEY_CURRENT_USER\Software\Policies\Google
DeleteKey: HKEY_LOCAL_MACHINE\Software\Google\Chrome
DeleteKey: HKEY_LOCAL_MACHINE\Software\Policies\Google
DeleteKey: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment
DeleteValue: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}|CloudManagementEnrollmentToken
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist
DeleteKey: HKEY_USERS\S-1-5-21-757262739-2975744681-2449658496-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
DeleteKey: HKEY_USERS\S-1-5-21-757262739-2975744681-2449658496-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist
C:\ProgramFiles (x86)\Google\Policies
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}" => removed successfully
"AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}" => removed successfully
"AV: Norton Security Online (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}" => removed successfully
"FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}" => removed successfully
"FW: Norton Security Online (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}" => removed successfully
"FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}" => removed successfully
"HKU\S-1-5-21-4201938413-1014792726-983612931-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-4201938413-1014792726-983612931-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> {0AEC0748-8799-4A9C-995C-36202654768C} URL" => not found
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{618B5357-098B-4F66-A4BC-9A98DB363F1A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF111DC1-C32C-477A-851C-62DD0D7D07B3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33183412-9E4D-4137-A1B9-149833CB8B05}" => removed successfully
"HKU\S-1-5-21-4201938413-1014792726-983612931-1001\Software\Microsoft\Windows\CurrentVersion\Run\\{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}" => removed successfully
"HKU\S-1-5-21-4201938413-1014792726-983612931-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\System\CurrentControlSet\Services\BraveElevationService => removed successfully
BraveElevationService => service removed successfully
HKLM\System\CurrentControlSet\Control\Print\Monitors\HP B111 Status Monitor => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD038E73-97A7-4C22-B781-24530923FEEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD038E73-97A7-4C22-B781-24530923FEEA}" => removed successfully
C:\WINDOWS\System32\Tasks\IPVanish.VpnClient => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IPVanish.VpnClient" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88284482-8E40-4918-85AD-DF86BF9D9AC0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88284482-8E40-4918-85AD-DF86BF9D9AC0}" => removed successfully
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{62fea752-045e-95c0-525b-b17487673e6e1} => removed successfully
HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{f00dfd40-8892-a2fb-f1ee-dbad4ab9f83d1} => removed successfully
"HKU\S-1-5-21-4201938413-1014792726-983612931-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome => removed successfully
"HKEY_CURRENT_USER\Software\Google\Chrome" => removed successfully
HKEY_CURRENT_USER\Software\Policies\Google => not found
"HKEY_LOCAL_MACHINE\Software\Google\Chrome" => removed successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google => removed successfully
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment => not found
"HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\\CloudManagementEnrollmentToken" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist" => not found
"HKEY_USERS\S-1-5-21-757262739-2975744681-2449658496-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" => not found
"HKEY_USERS\S-1-5-21-757262739-2975744681-2449658496-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist" => not found
"C:\ProgramFiles (x86)\Google\Policies" => not found
HKLM\SOFTWARE\Policies\Google => not found
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 100% complete.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
 
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
 
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.844
 
Image Version: 10.0.19045.3324
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41120494 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 234004182 B
Windows/system/drivers => 384767 B
Edge => 85018 B
Chrome => 481441887 B
Brave => 176128 B
Firefox => 41424954 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 9269509 B
systemprofile32 => 9269509 B
LocalService => 9298743 B
NetworkService => 9305399 B
cofun => 507672500 B
 
RecycleBin => 236800105 B
EmptyTemp: => 1.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:15:06 ====

Edited by TomV22, 11 September 2023 - 09:21 PM.
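
An added example, not part of the original thread and not FRST's own code: a small parser for the Chrome-policy result lines of the Fixlog above. It separates keys that existed from keys reported `not found`, and marks a `not found` as inconclusive when the same run had already deleted that key or its parent. The sample lines are copied from the log, `PROFILE_SID` is the SID the log's own HKU lines show for the loaded profile, and the function names and verdict labels are this example's own.

```python
import re
from collections import Counter

# Sample input: the Chrome-policy result lines copied from the Fixlog above.
FIXLOG_SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome => removed successfully
"HKEY_CURRENT_USER\Software\Google\Chrome" => removed successfully
HKEY_CURRENT_USER\Software\Policies\Google => not found
"HKEY_LOCAL_MACHINE\Software\Google\Chrome" => removed successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google => removed successfully
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment => not found
"HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\\CloudManagementEnrollmentToken" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist" => not found
"HKEY_USERS\S-1-5-21-757262739-2975744681-2449658496-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" => not found
"HKEY_USERS\S-1-5-21-757262739-2975744681-2449658496-1000\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist" => not found
"C:\ProgramFiles (x86)\Google\Policies" => not found
HKLM\SOFTWARE\Policies\Google => not found
'''

# SID that the HKU lines of the same log show for the loaded profile.
PROFILE_SID = "S-1-5-21-4201938413-1014792726-983612931-1001"

RESULT_RE = re.compile(
    r'^"?(?P<target>.+?)"?\s+=>\s+'
    r'(?P<result>removed successfully|moved successfully|not found)\s*$'
)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKU": "HKEY_USERS"}


def normalize(target):
    """Lower-case a target, expand hive abbreviations, collapse doubled backslashes."""
    t = target.strip().strip('"')
    t = re.sub(r'\\+', r'\\', t)
    head, sep, rest = t.partition("\\")
    head = HIVES.get(head.upper(), head)
    return (head + sep + rest).lower()


def parse_results(text):
    """Return [(normalized_target, result)] in log order."""
    entries = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            entries.append((normalize(m.group("target")), m.group("result")))
    return entries


def classify(entries):
    """present  = the target existed and was removed or moved
    shadowed = 'not found', but the key or an ancestor was deleted earlier
               in this run, so the result says nothing about the prior state
    absent   = 'not found' with no earlier deletion covering it"""
    removed, verdicts = [], []
    for path, result in entries:
        if result != "not found":
            removed.append(path)
            verdicts.append((path, "present"))
        elif any(path == r or path.startswith(r + "\\") for r in removed):
            verdicts.append((path, "shadowed"))
        else:
            verdicts.append((path, "absent"))
    return verdicts


def foreign_sid_targets(entries, profile_sid):
    """HKEY_USERS targets whose SID differs from the loaded profile's SID."""
    out = []
    for path, _ in entries:
        m = re.match(r'hkey_users\\(s-1-5-21-[0-9-]+)', path)
        if m and m.group(1) != profile_sid.lower():
            out.append(path)
    return out


def summarize(text, profile_sid):
    entries = parse_results(text)
    counts = dict(Counter(v for _, v in classify(entries)))
    return counts, foreign_sid_targets(entries, profile_sid)


if __name__ == "__main__":
    counts, foreign = summarize(FIXLOG_SAMPLE, PROFILE_SID)
    print(counts)
    for path, verdict in classify(parse_results(FIXLOG_SAMPLE)):
        print(f"{verdict:9} {path}")
    print("targets under a different SID:", len(foreign))
```

Here `shadowed` covers the two `HKLM ... ExtensionInstall*` subkeys and the final `HKLM\SOFTWARE\Policies\Google` line, so their `not found` does not show whether forced extensions were configured before the fix ran.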


#6 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor

Posted 12 September 2023 - 08:06 AM

Thank you for the information and reports.

Let me know if Chrome is still showing it is managed by your organization.

Gary 



#7 TomV22

TomV22
  • Topic Starter


Posted 12 September 2023 - 08:54 AM

If memory serves, it was on the password page that it said those words.  Just went there and it appears to be gone.

 

The only thing I have noticed, is that it seems like I have to hit items like close window X button numerous times (2-3 times or more) before it closes.   Or having to select a button like reply multiple times before it will respond.   More so in the past few days, including yesterday while running the various programs.

 

Thomas



#8 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor

Posted 12 September 2023 - 09:21 AM

Thank you Thomas.

Are you using the touchpad or mouse?

Gary 



#9 TomV22

TomV22
  • Topic Starter


Posted 12 September 2023 - 06:10 PM

mouse



#10 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor

Posted 12 September 2023 - 08:45 PM

Thank you.

===================================================

Uninstalling/Reinstalling a Device Driver

----------
  • Remove all external mice
  • Press the Windows Key + R at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Mice and other pointing devices section by clicking + sign
  • Right click on each entry, select Uninstall, then OK
  • Reboot your computer
  • Reconnect your external mouse
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results

Gary 



#11 TomV22

TomV22
  • Topic Starter


Posted 13 September 2023 - 08:38 AM

okay - did the below for the mouse this morning (Wed Sept 13)

 

While deleting, in the device management screen, the top folder kept closing and opening.  I presume that was due to deleting of the mouses (mice)?

 

And now I see the same 3 devices under mouse.  One I believe is the touch pad and the 2 HID Compliant mouses.  I do use a Logitech mouse and keyboard off this one USB plug in device.   Would that cause that?

Also Hitman keeps running every time I boot up and keeps squawking about ILPrint driver.  I know that driver is necessary for printing for Inventory Lab.  Even though I tell Hitman to ignore it, every reboot it keeps flagging it as an issue.  Should I remove Hitman?

 

Thomas



#12 TomV22

TomV22
  • Topic Starter


Posted 13 September 2023 - 10:35 AM

Something odd is going on with Chrome.  At times it works great - responsive.

 

other times slower than a dog - as in can't even open a window to go to google.   Just constant spin spin spin.   

 

And it's either all good or all bad.    Could the Chrome browser have gotten infected and maybe need a reinstall (don't want to lose my extensions / passwords)?

also when I did the mouse reload, there was a Windows update that occurred as well....

 

Thomas


Edited by TomV22, 13 September 2023 - 10:36 AM.


#13 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor

Posted 13 September 2023 - 01:16 PM

First things first. Is the mouse issue now resolved?

Gary 



#14 TomV22

TomV22
  • Topic Starter


Posted 14 September 2023 - 06:29 AM

Mouse - yes. 

 

Chrome is either slow or okay.  Every reboot it stays the same.  Have like 8-10 tabs open on 1 page.  



#15 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor

Posted 14 September 2023 - 08:08 AM

Thank you.

Please test this.

===================================================

Launching Chrome Without Extensions

--------------------
  • Hit the Windows Key + R at the same time
  • In the Run box type or copy/paste chrome --disable-extensions and hit Enter
  • Let me know if Chrome works properly
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary 
