Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    BORN Ontario child registry data breach affects 3.4 million people

Featured Deal: Get started in AI or make your own with this $19.97 course bundle

Latest Buyer's Guide:    Best VPNs to unblock Stan outside Australia in 2023

Generic User Avatar

nojs.domaincontrol.com

Started by biznet , Sep 16 2023 03:22 PM

  • Please log in to reply
5 replies to this topic

#1 biznet

biznet

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:01:24 AM

Posted 16 September 2023 - 03:22 PM

This URL has hijacked my Microsoft Edge start page. How do I get rid of it?

Edited by iMacg3, 16 September 2023 - 07:20 PM.
Moved from Antivirus Software to Malware Removal Help

BC AdBot (Login to Remove)

 

#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 17 September 2023 - 08:18 AM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
  • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST.txt
  • Addition.txt

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#3 biznet

biznet
  • Topic Starter

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:01:24 AM

Posted 20 September 2023 - 08:07 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023
Ran by Elder Arthur-Kaye (administrator) on DESKTOP-MLSC2PJ (TOSHIBA Satellite C55D-A) (21-09-2023 00:51:52)
Running from C:\Users\Elder Arthur-Kaye\Desktop\FRST64english.exe
Loaded Profiles: Elder Arthur-Kaye
Platform: Microsoft Windows 10 Home Version 22H2 19045.3324 (X64) Language: English (United Kingdom) -> English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\ProgramData\MTN Pocket Internet\OnlineUpdate\ouc.exe
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2306.1061.0_x64__8wekyb3d8bbwe\WebViewHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\msedgewebview2.exe <6>
(C:\ProgramData\DataCardService\DCSHelper.exe ->) () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\MTN Pocket Internet.exe
(C:\ProgramData\DataCardService\HWDeviceService64.exe ->) (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe <2>
(DriverStore\FileRepository\c0320084.inf_amd64_7f3036a79bcd0f6e\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\80.0.1.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Mega Limited -> Mega Limited) C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\MEGAsync.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2306.1061.0_x64__8wekyb3d8bbwe\WebViewHost.exe
(explorer.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
(explorer.exe ->) (Now.gg, INC -> now.gg, Inc.) C:\Users\Elder Arthur-Kaye\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe <4>
(explorer.exe ->) (SFX TEAM) [File not signed] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
(explorer.exe ->) (WordWeb Software Ltd -> WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21>
(Panda Security S.L -> Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0320084.inf_amd64_7f3036a79bcd0f6e\atiesrxx.exe
(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDFunctionKeyCtlService.exe <2>
(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\dynabookSystemService.exe
(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\RMService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) C:\ProgramData\DataCardService\HWDeviceService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2336.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (D2D0D4D7-08C0-4ECC-B90E-098CBD4F6506 -> ) C:\Program Files\WindowsApps\46614NiceView.BibleUniversal_1.1.276.0_x64__mbkqqar0c2q2m\UniversalProject.UWP.exe
(svchost.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PowerDVD22Agent] => C:\Program Files\CyberLink\PowerDVD22\PowerDVD22Agent.exe [567056 2022-05-10] (CyberLink Corp. -> CyberLink Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-10] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-10] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\Run: [SuperCopier2.exe] => C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392 2009-08-16] (SFX TEAM) [File not signed]
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\Run: [MicrosoftEdgeAutoLaunch_62694403185C5502362D63F1FCA1B2F3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4219448 2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\Run: [CyberlinkPowerPlayerMediaServer_PowerDVD22] => C:\Program Files\CyberLink\PowerDVD22\Common\CLMediaServer\clmediaserver.exe [6773008 2022-05-10] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [110792 2023-04-14] (WordWeb Software Ltd -> WordWeb Software)
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\Elder Arthur-Kaye\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2023-09-18] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-10] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\MountPoints2: {153f67e8-0623-11ee-a9f8-b8ee65636611} - "D:\AutoRun.exe" 
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\MountPoints2: {153f6848-0623-11ee-a9f8-b8ee65636611} - "D:\AutoRun.exe" 
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\MountPoints2: {c0a2fd31-06c9-11ee-a9fb-008cfa9ced28} - "D:\AutoRun.exe" 
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-10] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\FPR11:: C:\Windows\system32\fpmon11-x64.dll [262656 2022-03-19] (FinePrint Software, LLC -> FinePrint Software, LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-16] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2023-06-11]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
Startup: C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2023-06-11]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {BAD0D6C2-2598-41C7-A193-4A1D0A9EF5C9} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-06-06] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {CF353A92-31D4-4799-B98A-05AEB9526406} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2319632 2022-04-14] (CyberLink Corp. -> )
Task: {CAE6C6FB-4655-42E7-8201-4CC9EA41C922} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2319632 2022-04-14] (CyberLink Corp. -> )
Task: {CC26036F-4DAA-4928-A3E2-A4EC121501F2} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5307536 2023-08-14] (Microsoft Windows -> Microsoft Corporation)
Task: {458D69FD-D342-432D-962D-9C8C955BD823} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\Scheduler.exe [159208 2023-06-13] (IObit CO., LTD -> IObit)
Task: {E8F8A28E-9796-4CDA-8890-FC28829F00DE} - System32\Tasks\Driver Booster SkipUAC (Elder Arthur-Kaye) => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\DriverBooster.exe [8966120 2023-07-27] (IObit CO., LTD -> IObit)
Task: {890BED91-F183-4C06-8B33-8E6C5FA44E34} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\AutoUpdate.exe [2516968 2023-06-13] (IObit CO., LTD -> IObit)
Task: {884FBE77-EC88-4FB0-9AB4-00B05909C35E} - System32\Tasks\GoogleUpdateTaskMachineCore{60E6C91C-D04B-4C24-B439-861EE2043BEE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-09] (Google LLC -> Google LLC)
Task: {9511A0B9-5379-4519-9D53-92606FF627BE} - System32\Tasks\GoogleUpdateTaskMachineUA{999A9E0A-F1D1-46A4-80F6-3C048538BA06} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-09] (Google LLC -> Google LLC)
Task: {4EAA6794-0391-4FB2-A424-304CF8A2B9BD} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1494128663-690690108-2164932681-1001 => C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\MEGAupdater.exe [2531504 2023-08-22] (Mega Limited -> )
Task: {0311B415-812A-4E4F-85AA-CA7208A4C894} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F81788EF-BF85-49CE-97B8-824908BBCA4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0CFBEC81-102F-4E56-B67E-7667D5498D8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {21D6EDAF-4D1C-43C9-A25E-4C540344AC01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A8106745-39F2-4ADB-A53C-79940DDA2CA8} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [675232 2023-09-16] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {7C003F2E-266B-4104-8F98-64EDD9650B6F} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {17560889-8F5B-441F-A589-84218FBFAF2D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1494128663-690690108-2164932681-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F118E06-7888-45E4-843B-7A5F35C15AD8} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [116544 2010-06-01] (Panda Security S.L -> ) -> "C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe" /resident /agreelicense
Task: {BE433673-A3FF-4365-828D-3C94F36996B7} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [21146152 2023-06-10] (Goversoft LLC -> Goversoft LLC)
Task: {299766AA-8207-4B78-B1BF-AABF2E037BAD} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617880 2023-08-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BFEDE37B-E54A-4F70-80E2-5F372E3DD7C7} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {5BDFE8EF-D5C5-437C-A654-9E4440CF2F42} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [6099680 2023-05-19] (IObit CO., LTD -> IObit)
Task: {7D0B5063-EA0E-4F8A-A5ED-4BC5542A2DE0} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3657440 2023-05-12] (IObit CO., LTD -> IObit)
Task: {D21EE79B-E7C2-4D07-AFDC-00B3012E3D2F} - System32\Tasks\Uninstaller_SkipUac_Elder_Arthur-Kaye => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [9831432 2023-07-31] (IObit CO., LTD -> IObit)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{12692518-b547-47af-a01b-fa7a9fb73896}: [NameServer] 8.8.8.8 196.201.62.141
Tcpip\..\Interfaces\{4ec02fa8-24d4-4f9b-b344-b3ed871239cb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bcece553-4d4d-4dec-972e-c41b67325e68}: [DhcpNameServer] 10.5.50.1
Tcpip\..\Interfaces\{f19dfdb7-5c36-4502-992f-6d8dd2ed7602}: [NameServer] 8.8.8.8 196.201.62.141
 
Edge: 
=======
Edge Profile: C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-21]
Edge Notifications: Default -> hxxps://www.facebook.com
Edge Extension: (ChatGPT for WhatsApp) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ajlcjjeepijhfbgkciegfdoklpcpmipk [2023-08-26]
Edge Extension: (APK downloader) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bmblbechbdbgaebdioelojhkhenkkjpf [2023-07-08]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-09-16]
Edge Extension: (Export ChatGPT Conversation) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clgidpflecgaaabfcmdmkcgebpbadgoc [2023-06-21]
Edge Extension: (ChatGPT for Google by cloudHQ) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emjhillblkjkhnclfgcahgdhjmdmeohj [2023-09-09]
Edge Extension: (Google Docs Offline) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-18]
Edge Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2023-09-21]
Edge Extension: (ChatGPT for Google) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jgjaeacdkonaoafenlfkkkmbaopkbilf [2023-09-16]
Edge Extension: (Edge relevant text changes) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]
Edge Extension: (Print Friendly & PDF) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nhiebejbpolmpkikgbijamagibifhjib [2023-06-10]
Edge Extension: (The Printliminator) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nklechikgnfoonbfmcalddjcpmcmgapf [2023-06-10]
Edge Extension: (AIPRM for ChatGPT) - C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ojnbohmppadfgpejeebfnmnknjdlckgj [2023-09-16]
 
FireFox:
========
FF DefaultProfile: fh8nwyax.default
FF ProfilePath: C:\Users\Elder Arthur-Kaye\AppData\Roaming\Mozilla\Firefox\Profiles\fh8nwyax.default [2023-09-17]
FF Extension: (IDM Integration Module) - C:\Users\Elder Arthur-Kaye\AppData\Roaming\Mozilla\Firefox\Profiles\fh8nwyax.default\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2023-07-08]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Elder Arthur-Kaye\AppData\Roaming\Mozilla\Firefox\Profiles\fh8nwyax.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-09-16]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default [2023-09-18]
CHR Notifications: Default -> hxxps://www.livspace.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://biznet-kafe.me/status"
CHR Extension: (Bible) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf [2023-08-04]
CHR Extension: (Free Download Manager) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2023-08-26]
CHR Extension: (Docs) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2023-06-08]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2023-09-01]
CHR Extension: (APK downloader) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmblbechbdbgaebdioelojhkhenkkjpf [2023-06-16]
CHR Extension: (Tab Manager Plus for Chrome) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkdjjdmfiffagllbiiilooaoofcoeff [2023-08-26]
CHR Extension: (Share and attach files in Gmail™ by cloudHQ) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgdeilfnkkmcolnfmghjgjmlalanomdf [2023-08-26]
CHR Extension: (Just Read) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2023-08-26]
CHR Extension: (Dark Reader) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2023-08-26]
CHR Extension: (YouChat AI for Google) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadggkehmhkhahfcdeoghpepnpnhilhg [2023-08-26]
CHR Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2023-08-26]
CHR Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiobkfhnonedkhhfjpmhdalgeoebfa [2023-08-26]
CHR Extension: (AirDroid) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2023-08-26]
CHR Extension: (Dropbox) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2023-08-26]
CHR Extension: (ChatGPT for Google) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjaeacdkonaoafenlfkkkmbaopkbilf [2023-09-16]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-09-16]
CHR Extension: (Grammar and Spelling checker by Ginger) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2023-08-26]
CHR Extension: (Evernote Web) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2023-08-26]
CHR Extension: (Yellow highlighter pen for web) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2023-08-26]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2023-09-09]
CHR Extension: (Chrono Download Manager) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2023-08-26]
CHR Extension: (Microsoft 365) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2023-08-26]
CHR Extension: (OneDrive) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2023-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-08]
CHR Extension: (YouTube Summary with ChatGPT & Claude) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmicjeknamkfloonkhhcjmomieiodli [2023-08-26]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2023-08-26]
CHR Extension: (Smallpdf - Edit, Compress and Convert PDF) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfgljdgelakfkefopgklcohadegdpjf [2023-09-16]
CHR Extension: (PrintFriendly - Print and PDF Web Pages) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2023-08-26]
CHR Extension: (Postlight Reader) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2023-08-26]
CHR Extension: (Online Download Manager - Video Downloader) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjjpmhoiojifppkkcdabiobhakljdgm [2023-08-26]
CHR Extension: (Speedtest by Ookla) - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2023-08-26]
CHR HKU\S-1-5-21-1494128663-690690108-2164932681-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\Elder Arthur-Kaye\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2023-06-08]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [4040776 2023-09-07] (philandro Software GmbH -> AnyDesk Software GmbH)
R2 DSDFunctionKeyCtlService; C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDFunctionKeyCtlService.exe [708528 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
S2 DSDTabletControlService; C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDTabSysSvc.exe [320496 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
R2 DSDWirelessLEDCtlService; C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\RMService.exe [470504 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
R2 dynabookSettingService; C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\dynabookSystemService.exe [24162712 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncHelper.exe [3518480 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] (Huawei Technologies Co., Ltd. -> )
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [167432 2023-07-26] (IObit CO., LTD -> IObit)
S2 MTN Pocket Internet. RunOuc; C:\Program Files (x86)\MTN Pocket Internet\UpdateDog\ouc.exe [645120 2015-04-14] () [File not signed]
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\OneDriveUpdaterService.exe [3855376 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310688 2023-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R2 CLFCL5.22; C:\Windows\System32\drivers\CLFCL5.22\000.fcl [46768 2022-05-10] (CyberLink Corp. -> CyberLink Corp.)
R3 dhotkey; C:\Windows\System32\drivers\dhotkey.sys [52736 2023-03-22] (Dynabook Inc. -> Dynabook Inc.)
R1 dsrvctldrv; C:\Windows\System32\drivers\dsrvctldrv.sys [30256 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
R0 DVALZ_O; C:\Windows\System32\drivers\DVALZ_O.SYS [47464 2022-07-18] (Dynabook Inc. -> Dynabook Inc.)
S3 evserial9; C:\Windows\System32\DRIVERS\evserial9.sys [47952 2023-05-30] (Electronic Team, Inc. -> Electronic Team, Inc.)
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 ew_usbenumfilter; C:\Windows\System32\drivers\ew_usbenumfilter.sys [18688 2015-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 googledrivefs31092; C:\Windows\System32\DRIVERS\googledrivefs31092.sys [384600 2023-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [126080 2014-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 hwusb_wwanecm; C:\Windows\System32\drivers\ew_wwanecm.sys [381312 2015-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2023-01-13] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2023-01-13] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2023-01-13] (IObit Information Technology -> IObit)
R3 necbatt; C:\Windows\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 VSBC9; C:\Windows\System32\drivers\evsbc9.sys [136704 2023-05-30] (Electronic Team, Inc. -> Electronic Team, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2023-06-08] (Nemea Mjukvaruutveckling AB -> Basil Projects)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2023-07-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2023-07-02] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-21 00:51 - 2023-09-21 00:54 - 000033212 _____ C:\Users\Elder Arthur-Kaye\Desktop\FRST.txt
2023-09-21 00:50 - 2023-09-21 00:53 - 000000000 ____D C:\FRST
2023-09-21 00:48 - 2023-09-21 00:48 - 002382848 _____ (Farbar) C:\Users\Elder Arthur-Kaye\Desktop\FRST64english.exe
2023-09-18 16:24 - 2023-09-18 16:24 - 000430723 _____ C:\Users\Elder Arthur-Kaye\Desktop\BLOCKED URL.pdf
2023-09-17 04:52 - 2023-09-17 04:59 - 251428864 _____ C:\Users\Elder Arthur-Kaye\Downloads\PowerDVD_22.0.3008.62_Patch_DVD230608-03.tmp
2023-09-16 19:26 - 2023-09-17 04:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-09-16 09:31 - 2023-09-16 09:48 - 297110088 _____ (Malwarebytes) C:\Users\Elder Arthur-Kaye\Downloads\MBSetup.exe
2023-09-16 09:30 - 2023-09-16 09:30 - 002606880 _____ (Malwarebytes) C:\Users\Elder Arthur-Kaye\Downloads\MBSetup-076886.076886-consumer (1).exe
2023-09-16 09:29 - 2023-09-16 09:29 - 002606880 _____ (Malwarebytes) C:\Users\Elder Arthur-Kaye\Downloads\MBSetup-076886.076886-consumer.exe
2023-09-16 09:27 - 2023-09-16 09:27 - 000000000 ___HD C:\$WinREAgent
2023-09-10 12:22 - 2023-09-10 12:23 - 000507904 _____ (IObit ) C:\Users\Elder Arthur-Kaye\Downloads\Unconfirmed 897555.crdownload
2023-09-10 11:39 - 2023-09-10 11:40 - 000643928 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-03 00:59 - 2023-09-03 00:59 - 002356883 _____ C:\Users\Elder Arthur-Kaye\Downloads\w_wile440.pdf
2023-09-03 00:11 - 2023-09-03 00:21 - 058283416 _____ (Mozilla) C:\Users\Elder Arthur-Kaye\Downloads\Firefox Setup 117.0.exe
2023-09-03 00:06 - 2023-09-03 00:24 - 099807792 _____ (Google LLC) C:\Users\Elder Arthur-Kaye\Downloads\ChromeStandaloneSetup64.exe
2023-09-03 00:06 - 2023-09-03 00:08 - 000000000 ____D C:\Users\Elder Arthur-Kaye\Documents\MEGAsync
2023-08-31 01:34 - 2023-09-16 09:16 - 000000000 ____D C:\ProgramData\ProductData3
2023-08-31 01:34 - 2023-08-31 01:34 - 000001412 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2023-08-31 01:22 - 2023-08-31 01:24 - 028309976 _____ (IObit ) C:\Users\Elder Arthur-Kaye\Downloads\iobituninstaller.exe
2023-08-31 00:30 - 2023-08-31 00:30 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Roaming\QtProject
2023-08-31 00:28 - 2023-08-31 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2023-08-28 16:20 - 2023-08-28 16:20 - 000039350 _____ C:\Users\Elder Arthur-Kaye\Downloads\MomoStatementReport.pdf
2023-08-27 02:36 - 2023-08-27 02:37 - 015152144 _____ (IObit ) C:\Users\Elder Arthur-Kaye\Downloads\smart-defrag-setup.exe
2023-08-25 20:12 - 2023-08-25 20:12 - 000056328 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-21 00:32 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-21 00:24 - 2023-06-08 09:25 - 000000000 ___RD C:\Users\Elder Arthur-Kaye\OneDrive
2023-09-21 00:24 - 2023-06-08 09:20 - 000000000 ___SD C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Credentials
2023-09-21 00:14 - 2023-06-09 00:52 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-21 00:14 - 2022-09-08 03:14 - 000000000 ____D C:\Windows\SystemTemp
2023-09-20 23:09 - 2023-07-02 02:07 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Roaming\bluestacks-services
2023-09-20 23:01 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2023-09-20 23:00 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-20 22:58 - 2023-06-12 20:29 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-20 22:58 - 2023-06-08 09:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-20 22:58 - 2023-06-08 09:06 - 000008192 ___SH C:\DumpStack.log.tmp
2023-09-18 18:15 - 2023-06-08 09:30 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-09-18 18:15 - 2023-06-08 09:19 - 000000000 ____D C:\Users\Elder Arthur-Kaye
2023-09-18 18:15 - 2019-12-07 09:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-09-18 17:48 - 2023-06-08 09:53 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Word
2023-09-18 17:32 - 2023-07-02 01:32 - 000000000 ____D C:\Program Files\Proton
2023-09-18 16:24 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\NDF
2023-09-18 15:56 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2023-09-18 15:27 - 2023-06-09 12:58 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-18 15:27 - 2023-06-09 12:58 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-18 15:27 - 2023-06-09 00:30 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1494128663-690690108-2164932681-1001
2023-09-18 15:26 - 2023-06-08 09:08 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-18 15:21 - 2023-08-19 04:13 - 000002498 _____ C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueStacks Services.lnk
2023-09-18 15:17 - 2023-06-12 20:33 - 000000000 ___HD C:\Users\Elder Arthur-Kaye\Documents\Rubbish
2023-09-18 15:11 - 2023-06-08 17:12 - 000000000 ____D C:\ProgramData\ProductData
2023-09-18 15:10 - 2023-06-08 09:06 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-17 07:08 - 2023-06-09 07:29 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Excel
2023-09-17 04:38 - 2023-06-08 09:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-16 21:25 - 2023-08-04 02:44 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-16 21:23 - 2023-06-08 09:38 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-16 21:04 - 2023-06-08 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-16 21:04 - 2023-06-08 09:20 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Local\ConnectedDevicesPlatform
2023-09-16 19:46 - 2023-06-09 00:53 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-16 10:32 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2023-09-16 09:47 - 2023-06-09 18:27 - 000000000 ____D C:\Windows\system32\MRT
2023-09-16 09:46 - 2023-06-09 18:26 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-10 12:29 - 2023-06-08 09:07 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-09-10 09:17 - 2023-06-10 11:49 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Local\PrivaZer
2023-09-10 08:06 - 2023-06-15 22:28 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Roaming\Wise Disk Cleaner
2023-09-10 08:04 - 2023-06-11 05:27 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Local\CrashDumps
2023-09-10 01:41 - 2023-08-17 07:44 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-09-07 01:42 - 2023-06-11 04:24 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2023-09-03 22:44 - 2023-06-24 00:57 - 000003446 _____ C:\Windows\SysWOW64\pubfreeware.ini
2023-09-03 22:37 - 2023-06-13 08:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-03 07:10 - 2023-06-09 08:13 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Local\TheSage
2023-09-03 00:06 - 2023-06-09 07:52 - 000000000 ____D C:\Users\Elder Arthur-Kaye\Documents\FinePrint files
2023-09-02 05:39 - 2023-07-08 03:49 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Roaming\Monica
2023-08-31 01:34 - 2023-06-08 17:12 - 000001424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2023-08-31 01:34 - 2023-06-08 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2023-08-31 00:40 - 2023-07-02 02:05 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2023-08-31 00:39 - 2023-06-10 05:22 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-08-31 00:37 - 2023-07-08 03:48 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Local\monica-updater
2023-08-31 00:36 - 2023-06-10 11:45 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2023-08-29 22:05 - 2023-06-21 02:07 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2023-08-28 23:43 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-08-28 15:12 - 2023-06-13 09:11 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Local\readyVoucher
2023-08-22 02:06 - 2023-06-11 04:29 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync
2023-08-22 00:40 - 2023-06-11 04:58 - 000000000 ____D C:\Users\Elder Arthur-Kaye\Documents\AirDroid
2023-08-22 00:40 - 2023-06-11 04:58 - 000000000 ____D C:\Users\Elder Arthur-Kaye\AppData\Roaming\AirDroid
2023-08-22 00:40 - 2023-06-11 04:57 - 000000000 ____D C:\Program Files (x86)\AirDroid
 
==================== Files in the root of some directories ========
 
2023-06-18 02:02 - 2023-06-18 02:02 - 000000068 _____ () C:\Users\Elder Arthur-Kaye\AppData\Roaming\changzhi_leidian.data
2023-06-08 09:42 - 2018-11-15 11:36 - 003229424 ____N () C:\Users\Elder Arthur-Kaye\AppData\Roaming\KMSpico-setup.exe
2023-06-08 09:42 - 2019-02-19 18:15 - 000548352 ____N () C:\Users\Elder Arthur-Kaye\AppData\Roaming\terra.exe
2023-06-11 05:03 - 2023-06-15 23:20 - 000000058 _____ () C:\Users\Elder Arthur-Kaye\AppData\Local\Anderson Hu_MobysaurusThesaurus_InstallInfo.dat
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

#4 biznet

biznet
  • Topic Starter

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:01:24 AM

Posted 20 September 2023 - 08:09 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by Elder Arthur-Kaye (21-09-2023 00:57:09)
Running from C:\Users\Elder Arthur-Kaye\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3324 (X64) (2023-06-08 09:14:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1494128663-690690108-2164932681-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1494128663-690690108-2164932681-503 - Limited - Disabled)
Elder Arthur-Kaye (S-1-5-21-1494128663-690690108-2164932681-1001 - Administrator - Enabled) => C:\Users\Elder Arthur-Kaye
Guest (S-1-5-21-1494128663-690690108-2164932681-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1494128663-690690108-2164932681-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2019 Computer Bible Study Library -- English (HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\2019 Computer Bible Study Library -- English) (Version:  - )
4K Video Downloader (HKLM\...\{AEA8BC01-FEBD-4A5B-B695-7CF5CE587CC8}) (Version: 4.24.3.5420 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{59d432e9-0cee-4e47-83ab-c9251bdb2bd9}) (Version: 4.24.3.5420 - Open Media LLC)
AirDroid 3.7.1.2 (HKLM-x32\...\AirDroid) (Version: 3.7.1.2 - Sand Studio)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.1.16 - AnyDesk Software GmbH)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.12.1.1001 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\BlueStacksServices) (Version: 3.0.1 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\BlueStacks X) (Version: 10.2.5.1002 - now.gg, Inc.)
ChatGPT (HKLM\...\{79311651-4623-40F8-A0E1-59FBE36000D2}) (Version: 1.0.0 - lencx)
CrystalDiskInfo 9.0.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.0.1 - Crystal Dew World)
CyberLink PowerDVD 22 (HKLM-x32\...\{3584CCD3-8938-45F3-8103-0F3F7ABF4419}) (Version: 22.0.1620.62 - CyberLink Corp.)
Docs (HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\a9dd457b8bc8d7c1e498e549a8b7e5cf) (Version: 1.0 - Google\Chrome)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.6.0 - IObit)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - )
e-Sword (HKLM-x32\...\{30589E5B-46DD-446F-B3DA-5D9F5AE5CC3E}) (Version: 13.00.0000 - Rick Meyers)
FinePrint (HKLM\...\FinePrint) (Version: 11.12 - FinePrint Software, LLC)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.0.0.12394 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 80.0.1.0 - Google LLC)
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.70 - Janos Mathe)
IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.0.0.13 - IObit)
ISA3 basic 3.0.2 (HKLM-x32\...\{EB17D8F3-3E62-4A91-96D0-7B2E55C33E07}_is1) (Version: 3.0.2 - Scripture4All Publishing)
LibreOffice 7.5.2.2 (HKLM\...\{B722792A-A194-4906-97A9-58CA688304E8}) (Version: 7.5.2.2 - The Document Foundation)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.31 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.31 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (HKLM\...\{90140000-00BA-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.180.0828.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MightyText (HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\MightyText) (Version: 6.1.7 - MightyText)
MiniTool Partition Wizard Free 12.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.8 - MiniTool Software Limited)
Monica 1.1.1 (HKLM\...\2c806f82-a8b4-5c1c-97dd-7babf26e0869) (Version: 1.1.1 - )
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 117.0.1 (x64 en-US)) (Version: 117.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
MTN Pocket Internet (HKLM-x32\...\MTN F@stLink) (Version: 23.015.02.05.429 - Huawei Technologies Co.,Ltd)
Net Speed Meter (HKLM-x32\...\{1FB4A8FC-92D9-4ACA-94E5-01351CC71A30}) (Version: 3.0.3 - Zero Byte)
NoxPlayer (HKLM-x32\...\Nox) (Version: 7.0.5.8 - Duodian Technology Co. Ltd.)
Office Tab Enterprise (HKLM-x32\...\{E89DCA17-E99C-4186-92EB-912EB010364F}) (Version: 14.50 - ExtendOffice.com) Hidden
Office Tab Enterprise (HKLM-x32\...\Office Tab Enterprise 14.50) (Version: 14.50 - ExtendOffice.com)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Peace (HKLM\...\Peace) (Version: 1.6.4.1 - P.E. Verbeek)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.51.0 - Goversoft LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{77A8B979-11B0-4774-8003-574EE8A4BC22}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{05916788-991E-417B-A8F3-77F90A2B8271}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D4D48631-AC28-4250-B882-C956555B0B1D}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F3FAAB68-7697-4B1F-A23A-72312565AEAB}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{944EFCFD-823D-4C0A-9B01-CD76EEAEA1F3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version:  - Microsoft) Hidden
Smart Defrag 8 (HKLM-x32\...\Smart Defrag_is1) (Version: 8.5.0.281 - IObit)
Soft4Boost Document Converter (HKLM-x32\...\Soft4Boost Document Converter_is1) (Version: Release - Sorentio Systems Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SumatraPDF (HKU\S-1-5-21-1494128663-690690108-2164932681-1001\...\SumatraPDF) (Version: 3.4.6 - Krzysztof Kowalczyk)
SuperCopier2 (HKLM-x32\...\SuperCopier2) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.195 - Synaptics Incorporated)
TheSage (HKLM-x32\...\TheSage-7) (Version: 7.42.2714 - Sequence Publishing)
theWord (HKLM-x32\...\The Word) (Version: 6.0.0.1527 - Costas Stergiou)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wise Disk Cleaner 10.9.2 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.9.2 - WiseCleaner.com, Inc.)
WordWeb (HKLM-x32\...\WordWeb) (Version: 10 - WordWeb Software)
XnView 2.50.2 (HKLM-x32\...\XnView_is1) (Version: 2.50.2 - Gougelet Pierre-e)
Youtube Downloader HD v. 5.3.3 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
YTD Video Downloader 7.4.0.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 7.4.0.3 - Azureus Software, Inc.) <==== ATTENTION
 
Packages:
=========
audiomack -> C:\Program Files\WindowsApps\audiomack.com-8C4EA766_1.0.0.0_neutral__j8eyvfkm909kr [2023-07-13] (audiomack.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-13] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2023-08-27] (Meta)
Google Keep -> C:\Program Files\WindowsApps\keep.google.com-28152D5D_1.0.0.0_neutral__x6wzt11gmmj3r [2023-08-10] (keep.google.com)
Multi Version Bible -> C:\Program Files\WindowsApps\17348SiphamandlaN.MultiVersionBible_1.1.1.0_x64__cnmz77m8fd77r [2023-06-15] (Siphamandla N)
Pinterest -> C:\Program Files\WindowsApps\1424566A.147190DF3DE79_1.1.1.0_neutral__5byw4zywtsh80 [2023-06-21] (Pinterest Inc.)
Security Verification   LinkedIn -> C:\Program Files\WindowsApps\www.linkedin.com-388E59C3_1.0.0.3_neutral__mjhyd36r1mcqe [2023-07-10] (www.linkedin.com)
Shepherd Bible -> C:\Program Files\WindowsApps\46614NiceView.BibleUniversal_1.1.276.0_x64__mbkqqar0c2q2m [2023-09-16] (NxeCcde24 Labs)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-26] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0 [2023-09-16] (Spotify AB) [Startup Task]
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_4.9.7.0_x64__t4vj0pshhgkwm [2023-09-16] (Telegram Messenger LLP) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-07-14] (Bytedance Pte. Ltd.)
Twitter -> C:\Program Files\WindowsApps\twitter.com-EF1E79A9_1.0.0.3_neutral__9wdrbcd1pw7ja [2023-07-10] (twitter.com)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2336.7.0_x64__cv1g1gvanyjgm [2023-09-16] (WhatsApp Inc.) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1494128663-690690108-2164932681-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1494128663-690690108-2164932681-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1494128663-690690108-2164932681-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1494128663-690690108-2164932681-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1494128663-690690108-2164932681-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1494128663-690690108-2164932681-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-22] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-22] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-22] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll -> No File
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-10] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-10] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-10] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-10] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [$PowerDVD22] -> {E8C54B6B-C540-43A5-BDDA-2B0038830F63} => C:\ProgramData\CyberLink\PowerDVD22\OpenWith\PDVD_Shell64.dll [2022-05-10] (CyberLink Corp. -> CyberLink Corp.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-10] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-22] (Mega Limited -> )
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-06-10] (Goversoft LLC -> )
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-22] (Mega Limited -> )
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-06-10] (Goversoft LLC -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-22] (Mega Limited -> )
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-06-10] (Goversoft LLC -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-10] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-22] (Mega Limited -> )
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-06-10] (Goversoft LLC -> )
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-10] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-06-10] (Goversoft LLC -> )
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\Desktop\APPS\audiomack.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=mkdihegnapdopdbfpaplffhjcghajdca --app-url=hxxps://audiomack.com/?homescreen=1 --app-launch-source=4
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\Desktop\APPS\Proton VPN.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=jmlnodannmnfnbjgmglpoplkfofcpgji
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__mkdihegnapdopdbfpaplffhjcghajdca\audiomack.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=mkdihegnapdopdbfpaplffhjcghajdca --app-url=hxxps://audiomack.com/?homescreen=1 --app-launch-source=4
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__jgeocpdicgmkeemopbanhokmhcgcflmi\Twitter.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=jgeocpdicgmkeemopbanhokmhcgcflmi --app-url=hxxps://twitter.com/?utm_source=homescreen&utm_medium=shortcut --app-launch-source=4
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__eloghjaeeccnacngnpkojdlndlkohhmf\Security Verification   LinkedIn.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=eloghjaeeccnacngnpkojdlndlkohhmf --app-url=hxxps://www.linkedin.com/checkpoint/challenge/verify --app-launch-source=4
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__eilembjdkfgodjkcjnpgpaenohkicgjd\Google Keep.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd --app-url=hxxps://keep.google.com/?usp=installed_webapp --app-launch-source=4
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ajinkohnfhbdebdnggdbjkgjflfhcnkk\Pinterest.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=ajinkohnfhbdebdnggdbjkgjflfhcnkk --app-url=hxxps://www.pinterest.com/?utm_source=homescreen_icon --app-launch-source=4
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Proton VPN.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=jmlnodannmnfnbjgmglpoplkfofcpgji
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\audiomack.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=mkdihegnapdopdbfpaplffhjcghajdca --app-url=hxxps://audiomack.com/?homescreen=1 --app-launch-source=4
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd --app-url=hxxps://keep.google.com/?usp=installed_webapp --app-launch-source=4
ShortcutWithArgument: C:\Users\Elder Arthur-Kaye\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Twitter.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=jgeocpdicgmkeemopbanhokmhcgcflmi --app-url=hxxps://twitter.com/?utm_source=homescreen&utm_medium=shortcut --app-launch-source=4
 
==================== Loaded Modules (Whitelisted) =============
 
2023-09-20 23:01 - 2023-09-20 23:01 - 002319872 _____ () [File not signed] \\?\C:\Users\Elder Arthur-Kaye\AppData\Local\Temp\1d460b86-07dc-4927-9b66-5946275c823e.tmp.node
2023-06-08 22:49 - 2015-11-30 11:01 - 000098304 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\AboutPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:10 - 001124864 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\AddrBookPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:09 - 000672768 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\AddrBookSrvPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:36 - 001104896 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\AddrBookUIPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:05 - 000646144 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\AtCodec.dll
2023-06-08 22:49 - 2015-11-30 10:14 - 000168960 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\ATR2SMgr.dll
2023-06-08 22:49 - 2015-11-30 10:03 - 000628224 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\Common.dll
2023-06-08 22:49 - 2015-11-30 11:09 - 000119296 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\ConnectMgrUIPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:21 - 000566272 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\core.dll
2023-06-08 22:49 - 2015-11-30 10:07 - 000155136 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\DataServicePlugin.dll
2023-06-08 22:49 - 2015-11-30 10:13 - 000732672 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\DeviceAppPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:40 - 000651776 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\DeviceMgrUIPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:12 - 000734208 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\DeviceSrvPlugin.dll
2023-06-08 22:49 - 2015-11-30 11:00 - 000315904 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\DiagnosisPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:08 - 000236032 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\DialUpPlugin.dll
2023-06-08 22:49 - 2015-11-30 16:11 - 000607744 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\DialupUIPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:43 - 000118784 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\LayoutPlugin.dll
2023-06-08 22:50 - 2009-06-23 02:42 - 000043008 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\libgcc_s_dw2-1.dll
2023-06-08 22:49 - 2013-10-26 09:08 - 000692224 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\LiveUpdateInterface.DLL
2023-06-08 22:49 - 2015-11-30 13:54 - 000340480 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\MenuMgrPlugin.dll
2023-06-08 22:50 - 2009-01-10 18:32 - 000011362 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\mingwm10.dll
2023-06-08 22:49 - 2013-12-05 10:36 - 001146880 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\NDISAPI.dll
2023-06-08 22:49 - 2015-11-30 10:08 - 000201728 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\NDISPlugin.dll
2023-06-08 22:49 - 2015-11-30 13:53 - 000421888 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\NetConnectPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:07 - 000158720 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\NetConnectSrvPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:14 - 000707072 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\NetInfoSrvPlugin.dll
2023-06-08 22:49 - 2015-11-30 11:01 - 000597504 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\NetInfoUIExPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:08 - 000253952 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\NetSrvPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:31 - 000097792 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\NotifyServicePlugin.dll
2023-06-08 22:49 - 2015-11-30 10:06 - 000102400 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\OSAdapt.dll
2023-06-08 22:49 - 2015-11-30 10:06 - 000166912 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\OSDialup.dll
2023-06-08 22:49 - 2015-11-30 10:06 - 000131584 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\OSNDIS.dll
2023-06-08 22:49 - 2015-11-30 10:06 - 000065536 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\OSPowerMgr.dll
2023-06-08 22:50 - 2013-08-31 08:43 - 000306176 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\phonon4.dll
2023-06-08 22:49 - 2015-11-30 10:04 - 000583168 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\PluginContainer.dll
2023-06-08 22:50 - 2013-06-08 03:45 - 000082944 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\plugins\imageformats\qgif4.dll
2023-06-08 22:50 - 2013-06-08 03:45 - 000081920 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\plugins\imageformats\qico4.dll
2023-06-08 22:50 - 2013-06-08 03:45 - 000192000 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\plugins\imageformats\qjpeg4.dll
2023-06-08 22:50 - 2013-06-08 03:45 - 000350720 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\plugins\imageformats\qmng4.dll
2023-06-08 22:50 - 2013-06-08 03:45 - 000370176 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\plugins\imageformats\qtiff4.dll
2023-06-08 22:49 - 2015-11-30 10:07 - 000413696 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\Proxy.DLL
2023-06-08 22:50 - 2013-08-31 05:44 - 002417152 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\QtCore4.dll
2023-06-08 22:50 - 2013-08-31 05:59 - 009559040 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\QtGui4.dll
2023-06-08 22:50 - 2013-08-31 05:46 - 001148416 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\QtNetwork4.dll
2023-06-08 22:50 - 2013-02-18 07:22 - 015675904 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\QtWebKit4.DLL
2023-06-08 22:50 - 2013-08-31 05:44 - 000398336 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\QtXml4.dll
2023-06-08 22:50 - 2013-08-31 08:42 - 003962368 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\QtXmlPatterns4.dll
2023-06-08 22:49 - 2015-11-30 13:52 - 000291840 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\sdk.dll
2023-06-08 22:49 - 2015-11-30 10:11 - 000704000 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\SmsAppPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:10 - 000220160 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\SmsSrvPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:31 - 000920064 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\SMSUIPlugin.dll
2023-06-08 22:49 - 2016-03-08 09:02 - 000334848 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\StatusBarMgrPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:10 - 000157184 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\STKSrvPlugin.dll
2023-06-08 22:49 - 2016-03-04 06:27 - 000303104 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\ToolBarMgrPlugin.dll
2023-06-08 22:49 - 2015-11-30 10:04 - 000157696 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\Trace.dll
2023-06-08 22:49 - 2015-11-30 10:10 - 000142336 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\USSDSrvPlugin.dll
2023-06-08 22:49 - 2015-11-30 11:03 - 000910336 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\USSDUIPlugin.dll
2023-06-08 22:49 - 2013-12-05 10:36 - 000155648 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\Win7Support.dll
2023-06-08 22:49 - 2015-11-30 10:05 - 000195584 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\XCodec.dll
2023-06-08 22:49 - 2015-11-30 13:53 - 000283136 _____ () [File not signed] C:\Program Files (x86)\MTN Pocket Internet\XFramePlugin.dll
2023-06-08 22:51 - 2009-06-23 02:42 - 000043008 _____ () [File not signed] C:\ProgramData\MTN Pocket Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2023-06-08 22:51 - 2009-01-10 18:32 - 000011362 _____ () [File not signed] C:\ProgramData\MTN Pocket Internet\OnlineUpdate\mingwm10.dll
2023-06-08 22:51 - 2013-08-31 05:44 - 002417152 _____ () [File not signed] C:\ProgramData\MTN Pocket Internet\OnlineUpdate\QtCore4.dll
2023-06-08 22:51 - 2013-08-31 05:46 - 001148416 _____ () [File not signed] C:\ProgramData\MTN Pocket Internet\OnlineUpdate\QtNetwork4.dll
2023-07-02 02:07 - 2023-09-18 13:19 - 002862080 _____ () [File not signed] C:\Users\Elder Arthur-Kaye\AppData\Local\Programs\bluestacks-services\ffmpeg.dll
2023-07-02 02:07 - 2023-09-18 13:19 - 000479232 _____ () [File not signed] C:\Users\Elder Arthur-Kaye\AppData\Local\Programs\bluestacks-services\libegl.dll
2023-07-02 02:07 - 2023-09-18 13:19 - 007513600 _____ () [File not signed] C:\Users\Elder Arthur-Kaye\AppData\Local\Programs\bluestacks-services\libglesv2.dll
2023-07-02 02:07 - 2023-09-18 13:19 - 005209088 _____ () [File not signed] C:\Users\Elder Arthur-Kaye\AppData\Local\Programs\bluestacks-services\vk_swiftshader.dll
2009-08-16 17:45 - 2009-08-16 17:45 - 000100864 _____ (SFX TeAm) [File not signed] C:\Program Files (x86)\SuperCopier2\SC2ShellExt64.dll
2022-06-23 00:43 - 2022-06-23 00:43 - 005979824 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Users\Elder Arthur-Kaye\AppData\Local\MEGAsync\Qt5Core.dll
2023-06-08 22:49 - 2013-12-05 10:36 - 000176128 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\MTN Pocket Internet\mcciwin32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.linkzb.com
SearchScopes: HKU\S-1-5-21-1494128663-690690108-2164932681-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2023-07-21] (IObit CO., LTD -> IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 09:14 - 2019-12-07 09:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
2023-06-30 00:12 - 2023-07-11 20:37 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1494128663-690690108-2164932681-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 8.8.8.8 - 196.201.62.141
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{66223C83-FE69-4293-8FD5-4B838BA1E1BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{39274BFE-3285-496B-9CAF-205D3587DBDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2DCE0816-3107-4D78-A32A-F6CFD9642B18}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe => No File
FirewallRules: [{97AE7EB5-FC69-4E2E-A239-9889B71DB904}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe => No File
FirewallRules: [{37ED8BAF-969A-46B6-A4BC-28822560D904}] => (Allow) C:\Program Files\CyberLink\PowerDVD22\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{A4F22D1B-8362-4F1D-9A7C-6DDCB372FA65}] => (Allow) C:\Program Files\CyberLink\PowerDVD22\ShareModule32\Kernel\DMS\CLMSServerPDVD22.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{4D7D3F4A-7C4B-4BAA-A4A0-A3CAE5F8DBE7}] => (Allow) C:\Program Files\CyberLink\PowerDVD22\PowerDVD22Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{34CFC767-33CB-47E7-90A6-7FF54484D45A}] => (Allow) C:\Program Files\CyberLink\PowerDVD22\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{34DC78CC-9B79-4F8E-AD2E-6072746689D6}] => (Allow) C:\Program Files\CyberLink\PowerDVD22\CastingStation.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AA6692ED-5BD8-421B-8AE7-C7122BDBFC09}] => (Allow) C:\Program Files\CyberLink\PowerDVD22\Common\CLMediaServer\clmediaserver.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5D26F17E-0647-48B5-99D8-FA6EB6FA5CC3}] => (Allow) C:\Program Files\CyberLink\PowerDVD22\Common\dynamic_transcode.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F32BCC06-4D38-498A-AB0C-45F046638C7C}] => (Allow) C:\Program Files\CyberLink\PowerDVD22\Common\CLMediaServer\clmediaserver.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{56BE8A39-9199-4F82-9556-8A9C24B606CC}] => (Allow) LPort=31302
FirewallRules: [{F9B44B28-0BF7-4555-8602-9BD91A860093}] => (Allow) C:\Users\Elder Arthur-Kaye\Downloads\Programs\AnyDesk.exe => No File
FirewallRules: [{A1817577-4D10-4EDC-B3B3-939C2C8245DE}] => (Allow) C:\Users\Elder Arthur-Kaye\Downloads\Programs\AnyDesk.exe => No File
FirewallRules: [{3875AD8D-E48A-4907-AD16-499264D4C482}] => (Allow) C:\Users\Elder Arthur-Kaye\Downloads\Programs\AnyDesk.exe => No File
FirewallRules: [{D0E26A77-59C9-4C40-AAC5-FD0A088E30CE}] => (Allow) C:\Users\Elder Arthur-Kaye\Downloads\Programs\AnyDesk.exe => No File
FirewallRules: [{63DD4788-239D-4B95-AE34-5071C835C205}] => (Allow) C:\Users\Elder Arthur-Kaye\Downloads\Programs\AnyDesk.exe => No File
FirewallRules: [{AF19D4A6-1C42-45F8-A65A-20595BC7FE9B}] => (Allow) C:\Users\Elder Arthur-Kaye\Downloads\Programs\AnyDesk.exe => No File
FirewallRules: [TCP Query User{57C6766A-00DB-4F59-BD7B-3277D7A9AD2D}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{8AFBF9CD-02B6-4FFF-ABA7-60E2E1A0A42C}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [{609A5A28-9890-4602-BF2A-1764E6B23349}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{4D95152C-593D-4C51-9E1F-CDF4C03C87E5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{FA558361-CDC4-4EFC-AD04-2026CFA22CE1}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{53B88978-46AB-4EF7-A426-26B2ED99FCBE}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{84D36065-3EC3-4F49-A46E-4576E3EC7F8C}C:\users\elder arthur-kaye\appdata\local\mightytext\app-6.1.7\mightytext.exe] => (Allow) C:\users\elder arthur-kaye\appdata\local\mightytext\app-6.1.7\mightytext.exe (Openphone Inc. -> MightyText)
FirewallRules: [UDP Query User{54A707C0-4BDC-4D42-9AFC-9FDC71E9032E}C:\users\elder arthur-kaye\appdata\local\mightytext\app-6.1.7\mightytext.exe] => (Allow) C:\users\elder arthur-kaye\appdata\local\mightytext\app-6.1.7\mightytext.exe (Openphone Inc. -> MightyText)
FirewallRules: [{3B9F0AD4-E635-4DC0-A8B8-7DCC733FB759}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{A370DDA8-9272-41B5-A385-0E4FC1447168}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> Nox Limited Corporation)
FirewallRules: [{BDDD562A-FEFA-4B37-81AA-E962A084E7BD}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{7B8355B6-6764-42B7-951F-0411D7FAA4C1}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{F69603FA-DBB9-4096-920E-20D8FFD5119C}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{AA5EB965-461C-44B7-9852-78CFFC270F36}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [{5FFF460C-0563-42A4-AE8D-91B4E6EA718B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4CD30B9-7209-4603-BBB5-A89A511370F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D325B1F2-A280-49F0-A8B1-D89E099C931B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F1580A7-9E0A-493E-8420-6EB54E70169B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E8DBFCE1-F10A-4482-968A-B7D692D0B569}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C145EB68-595F-4852-A910-97979053FD4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D67C325C-533E-47F6-9DE0-7C2407C575A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B5DF1C74-A618-4DEC-8752-C44801F2E346}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F0F5F9CA-C54E-461C-8E74-05CDC175ACA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C25D8AD2-774B-43C0-86C4-8144DD10F8A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{845D87B1-ECE6-4AA0-9BDE-EF19CC472987}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{64E16FD1-D11A-4FB8-9899-8C30BCFD7797}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{22D8D891-4B1B-4FCA-9F8B-0EED73CD8937}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AEC3ED1A-15B4-4602-B537-0B4E8327BF9A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7089760C-D46C-4F59-9DE7-AED75804C1E2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{35AF999A-0602-4434-8873-CC6FF3891044}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{222D71DE-7DA5-423A-969A-6DE295EF804B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{F4D25EB6-6AFF-4324-A841-0DD423DCC722}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{436A5FA3-792F-43B0-8D8C-7FA742486632}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{CBA762C5-4E90-44BA-85C7-76E4571AA204}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{9CFD9468-F58B-4AA0-AB31-08BF87AA4C51}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{3D18CAE0-F962-46D7-AEB2-5BB373E9D11B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
 
==================== Restore Points =========================
 
15-09-2023 21:49:58 Scheduled Checkpoint
16-09-2023 10:29:23 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/15/2023 09:49:52 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete re-trim on DATA (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (09/15/2023 09:49:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete re-trim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
 
System errors:
=============
Error: (09/20/2023 10:58:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MessagingService_50357 service terminated with the following error: 
The device is not ready.
 
Error: (09/20/2023 10:58:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MTN Pocket Internet. RunOuc service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/20/2023 10:58:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the MTN Pocket Internet. RunOuc service to connect.
 
Error: (09/18/2023 03:57:58 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (09/18/2023 03:57:58 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (09/18/2023 03:57:29 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (09/18/2023 03:57:29 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (09/18/2023 03:57:06 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
 
Windows Defender:
================
Date: 2023-09-21 00:57:03
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Fakecsrss.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Elder Arthur-Kaye\AppData\Roaming\terra.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Elder Arthur-Kaye\Desktop\FRST64english.exe
Security intelligence Version: AV: 1.397.1174.0, AS: 1.397.1174.0, NIS: 1.397.1174.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
 
Date: 2023-09-21 00:57:02
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Users\Elder Arthur-Kaye\AppData\Roaming\KMSpico-setup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Elder Arthur-Kaye\Desktop\FRST64english.exe
Security intelligence Version: AV: 1.397.1174.0, AS: 1.397.1174.0, NIS: 1.397.1174.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
 
Date: 2023-09-18 17:02:56
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-18 16:40:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-17 04:59:36
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2023-09-18 16:40:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 1.80 01/27/2014
Motherboard: TOSHIBA Portable PC
Processor: AMD A6-5200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 62%
Total physical RAM: 7634.36 MB
Available physical RAM: 2861.5 MB
Total Virtual: 8850.36 MB
Available Virtual: 2903.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:140 GB) (Free:50.79 GB) (Model: WDC WD5000LPLX-60ZNTT1) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (MTN) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive e: (DATA) (Fixed) (Total:325.19 GB) (Free:206.13 GB) (Model: WDC WD5000LPLX-60ZNTT1) NTFS
Drive g: (Google Drive) (Fixed) (Total:100 GB) (Free:48.25 GB) (Model: WDC WD5000LPLX-60ZNTT1) FAT32
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2E340C41)
Partition 1: (Active) - (Size=140 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=325.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

#5 biznet

biznet
  • Topic Starter

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:01:24 AM

Posted 20 September 2023 - 08:13 PM

Thank you, Gary.  Copied documents as you requested. Seeing the Bible quote in your signature, indicates you are my Brother! Looking forward to hearing from you. Remain blessed.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted Yesterday, 09:16 AM

Greetings.

I sent you a Personal Message. Let me know if you received it.

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

Back to Virus, Trojan, Spyware, and Malware Removal Help


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·