Win32.Fynlosk reported - cannot fix



MrIncredible
2022-08-14, 13:44
Hi,

My PC has become erratic and slow to open programs so I ran a scan.
Spybot scan reports Win32.Fynlosk is found

The 'dclogs' folder appears to get files written to it containing my keystrokes (file extension .dc)! Geez. Although I select 'Fix Selected', which deletes the folder and files, it will re-appear at different times. I have run a Rootkit analysis/Deep Scan on everything and it also found this in the registry:
'Moving into quarantine HKEY_USERS\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\DC3_FEXEC'

For now I have changed the permissions on the dclogs folder so that no further files can be created, but that may not help me at all in the short term.

As per instructions, log files attached
Additional.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by Bob (14-08-2022 11:08:30)
Running from D:\FRST64
Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) (2022-01-22 21:11:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1182144281-2128924332-3640585907-500 - Administrator - Enabled) => C:\Users\Administrator
Bob (S-1-5-21-1182144281-2128924332-3640585907-1001 - Administrator - Enabled) => C:\Users\Bob
DefaultAccount (S-1-5-21-1182144281-2128924332-3640585907-503 - Limited - Disabled)
Guest (S-1-5-21-1182144281-2128924332-3640585907-501 - Limited - Enabled)
malic (S-1-5-21-1182144281-2128924332-3640585907-1008 - Limited - Enabled)
Mr_Inc (S-1-5-21-1182144281-2128924332-3640585907-1004 - Administrator - Disabled) => C:\Users\Mr_Inc
WDAGUtilityAccount (S-1-5-21-1182144281-2128924332-3640585907-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.13 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\7 Taskbar Tweaker) (Version: 5.13 - Ramen Software)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.83 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\{02247819-03CD-414E-AC8D-FD518BFBA445}) (Version: 2.6.2.1818 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.6.2.1818 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.7.0.1851 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{cf77cf6b-71ff-4a71-802d-43adb9b271b7}) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.) Hidden
Astrometa DVB-T2 (HKLM-x32\...\{D580E2AB-064A-48E1-95B0-1199E5DEEFE7}) (Version: 1.00 - Astrometa)
AutoHotkey 1.1.33.10 (HKLM\...\AutoHotkey) (Version: 1.1.33.10 - Lexikos)
Automatic Mouse and Keyboard 6.1.7.4 (HKLM-x32\...\{BFD646B6-E892-4B00-B6E2-71545D92BAEA}_is1) (Version: - Robot-Soft.com, Inc.)
BatchRename Pro (HKLM-x32\...\BatchRename Pro) (Version: - )
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.7.200.2001 - BlueStack Systems, Inc.)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.280.0.1022 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\BlueStacks X) (Version: 0.14.1.13 - BlueStack Systems, Inc.)
BT Cloud for Windows (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\BTCloud) (Version: 21.4.10 - BT)
ClipMate 7 (HKLM-x32\...\{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1) (Version: 7 - Thornsoft Development, Inc.)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4C191A96-E2E6-4902-85F7-D57BD13FDEA1}) (Version: 22.1.0.514 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4C191A96-E2E6-4902-85F7-D57BD13FDEA1}) (Version: 22.1.514 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{E640FF5E-9022-414D-B665-79C146EDCAA3}) (Version: 22.1.514 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{F30F96B6-EADE-44FF-B202-C8697BC088F8}) (Version: 2.14.626 - Corel corporation) Hidden
CorelDRAW Technical Suite 2020 - IPM (x64) (HKLM\...\{52D2611E-17E2-4AC2-9BB6-0255F453664E}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Technical Suite 2020 - IPM Content (x64) (HKLM\...\{D17AA252-0EDB-4842-9D00-A9A39008450B}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Technical Suite 2020 - IPM Lattice (x64) (HKLM\...\{AD51F620-6B6C-4A5B-9D54-9B62C26C16DB}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Technical Suite 2020 - Writing Tools (x64) (HKLM\...\{60AB95FB-5BF2-405C-A459-616EEC216A90}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Technical Suite 2020 (64-Bit) (HKLM\...\_{D92038D5-781B-4FD6-AE4F-D365ECE818BC}) (Version: 22.2.0.532 - Corel Corporation)
CPUID CPU-Z 2.00 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.00 - CPUID, Inc.)
CrystalDiskInfo 8.17.4 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.4 - Crystal Dew World)
CrystalDiskMark 8.0.1 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.1 - Crystal Dew World)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 17.3 - Illustrate)
Discord (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Discord) (Version: 0.0.311 - Discord Inc.)
DisplayFusion 10.0 (Beta 16) (64-bit) (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.9.99.116 - Binary Fortress Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 154.4.5363 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.639.1 - Dropbox, Inc.) Hidden
EaseUS CleanGenius 2.4.1 (HKLM-x32\...\EaseUS CleanGenius_is1) (Version: - EaseUS)
EaseUS Partition Master (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Partition Master Suite 16.6 (HKLM-x32\...\EaseUS Partition Master Suite_is1) (Version: - EaseUS)
EaseUS Todo Backup 14.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 14.0 - EaseUS)
EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
EasyUEFI version 3.8 (HKLM\...\EasyUEFI_is1) (Version: 3.8 - Hasleo Software.)
Emby Theater (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Emby Theater) (Version: 3.0 - Emby Team)
ENE_DRAM_GSKILL_SE (HKLM\...\{5A6AC577-F8F8-4B6A-B684-13FD7E306CA2}) (Version: 1.0.1.0 - Ene Tech.) Hidden
ENE_DRAM_GSKILL_SE (HKLM-x32\...\{bf49eb2f-f2fb-4631-a95a-1f0cadd21eac}) (Version: 1.0.1.0 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.3.31 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{cb8809b0-c2ad-40f3-80c7-8ebf6c6f8f63}) (Version: 1.0.3.31 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.7 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{aeca6fd4-1d77-499a-b01c-d4521a6b7bff}) (Version: 1.0.9.7 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden
ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2.1 - )
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8775D7835}) (Version: 10.25.0.4 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{eafa6d06-61ee-4d6d-9946-df5550de95b9}) (Version: 10.25.0.4 - ExpressVPN)
FreeDNS Update 1.8.4 (HKLM-x32\...\FreeDNS Update) (Version: 1.8.4 - TechKnow Professional Services)
Galaxy Watch Studio 2.0.1 (HKLM\...\Gear Watch Designer) (Version: 2.0.1 - Samsung Electronics)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.81 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 62.0.1.0 - Google LLC)
GoTo Opener (HKLM-x32\...\{E60C4953-B75D-4551-9C31-9E4932B4FAA1}) (Version: 1.0.551 - LogMeIn, Inc.)
GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
GrabIt 1.7.5 Beta 3 (build 1022) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
HHD Software Free Hex Editor Neo 6.54 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.54.02.6790 - HHD Software, Ltd.)
HWiNFO64 Version 7.06 (HKLM\...\HWiNFO64_is1) (Version: 7.06 - Martin Malik - REALiX)
i1Studio1.5.0 (HKLM-x32\...\i1Studio_is1) (Version: 1.5.0 - X-Rite)
IconViewer (HKLM\...\{C6F34AE0-0576-11d4-82FE-4491FCC00000}) (Version: 3.2.147 - Bot Productions)
ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20210125 - )
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.1.1- - Inkscape)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
Java(TM) SE Development Kit 18.0.2 (64-bit) (HKLM\...\{EA16FB93-3AC2-538A-A3AD-03372A6682EA}) (Version: 18.0.2.0 - Oracle Corporation)
Kutools for Excel 16.50 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 16.50 - Addin Technology Inc.)
Kutools for Excel 16.50 (HKLM-x32\...\Kutools for Excel 16.50) (Version: 16.50 - Addin Technology Inc)
LAV Filters 0.76.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.76.1 - Hendrik Leppkes)
LED Sync (HKLM-x32\...\{417D2425-8783-46D4-97DF-EEF7CD17D656}) (Version: 1.1.1 - EVGA)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.3.5 - Hermann Schinagl)
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.2.6024.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.70.68 - Logitech)
Marcs Updater (HKLM\...\{B7D5E900-AF40-11DD-AD8B-0800200C9A66}_is1) (Version: 1.5.3.305 - Marc Hörsken)
Microsoft .NET Core Host - 3.1.28 (x64) (HKLM\...\{26ECE92F-518E-40AF-9108-7B7B444A46DE}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.28 (x64) (HKLM\...\{CDEA72F4-1367-4E0A-AC5F-0EBAF7C6825A}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM\...\{3691148D-EF42-4812-8956-AE11FC413B8D}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.8 (x64) (HKLM\...\{6950FA03-8B88-4675-B685-FB21CA1762CC}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.8 (x64) (HKLM\...\{3C3CA326-3F1D-43B7-B0AD-CBC06B2DED5A}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.8 (x64) (HKLM\...\{7CEA3ABF-FE24-42AF-ADE6-B4A3EE346743}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15427.20194 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.156.0724.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Teams) (Version: 1.5.00.21463 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.15427.20194 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{90120064-0070-0000-0000-4000000FF1CE}) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{90F60409-7000-11D3-8CFE-0150048383C9}) (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913 (HKLM-x32\...\{572DCD10-CF2E-43D1-8151-8BD9AC9086D0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913 (HKLM-x32\...\{6236EBBD-F50F-40B3-B819-8DB0C608308C}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support (HKLM\...\{9D6CE289-E12C-38BB-9999-E2377EC118B7}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support (HKLM-x32\...\{7C931D41-F302-3494-868C-320A4F4DD9F9}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.28 (x64) (HKLM\...\{258184C9-1C62-47DB-9CA2-7BB24E9145C0}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.28 (x64) (HKLM-x32\...\{263b65f5-7e4d-4df3-b94b-a8e8983179cf}) (Version: 3.1.28.31513 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM\...\{EB3983F9-3D60-456D-A11A-C1366C79AD3E}) (Version: 48.35.45540 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM-x32\...\{ca35acb3-b442-44fb-924c-4448120bf689}) (Version: 6.0.8.31518 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 103.0.2 (x64 en-GB)) (Version: 103.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0 - Mozilla)
Mozilla Thunderbird 78.8.1 (x64 en-US) (HKLM\...\Mozilla Thunderbird 78.8.1 (x64 en-US)) (Version: 78.8.1 - Mozilla)
Mp3tag v2.45a (HKLM-x32\...\Mp3tag) (Version: v2.45a - Florian Heidenreich)
MSI Afterburner 4.6.4 (HKLM-x32\...\Afterburner) (Version: 4.6.4 - MSI Co., LTD)
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2021.1224.01 - MSI)
MSI Kombustor 4.1.12.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
Multi-Sub Optimizer 1.1.9.1 (HKLM-x32\...\Multi-Sub Optimizer) (Version: 1.1.9.1 - Bass-O-Matic)
NoDrives Manager 1.2.0 (HKLM-x32\...\NoDrives Manager) (Version: 1.2.0 - Hagon)
NVIDIA FrameView SDK 1.2.7704.31296923 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7704.31296923 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 516.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NZBGet (HKLM-x32\...\NZBGet) (Version: - nzbget.net)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
Open-Shell (HKLM\...\{F4B6EE58-F183-4B0D-930B-4480673C0F5B}) (Version: 4.4.160 - The Open-Shell Team)
Oracle VM VirtualBox 6.1.36 (HKLM\...\{8B78A2AB-34B5-4546-8CCF-B78C916BBD98}) (Version: 6.1.36 - Oracle Corporation)
Peace (HKLM\...\Peace) (Version: 1.6.2.6 - P.E. Verbeek)
PerformanceTest v10 (HKLM\...\PerformanceTest 10_is1) (Version: 10.1.1000.0 - Passmark Software)
PowerToys (Preview) (HKLM\...\{9910B55C-10DC-4349-930D-306BA07C760B}) (Version: 0.61.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{b6903a05-8ad0-4e66-8afe-32f167e55270}) (Version: 0.61.0 - Microsoft Corporation)
Pulse-Eight USB-CEC Adapter driver (HKLM-x32\...\Pulse-Eight USB-CEC Adapter driver) (Version: - Pulse-Eight Limited)
Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9257.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.051.0811.2021 - Realtek)
REW 5.20.9 (HKLM\...\4549-9647-2313-4375) (Version: 5.20.9 - John Mulcahy)
RivaTuner Statistics Server 7.3.3 (HKLM-x32\...\RTSS) (Version: 7.3.3 - Unwinder)
Rubberduck (Current User) 2.5.2.5906 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\{DF0E0E6F-2CED-482E-831C-7E9721EB66AA}_is1) (Version: 2.5.2.5906 - Rubberduck)
SABnzbd 3.5.1 (HKLM-x32\...\SABnzbd) (Version: 3.5.1 - The SABnzbd Team)
Samsung DeX (HKLM-x32\...\{2EB6072C-55E0-4AA0-A851-A34A5D64F6C9}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{3d6025db-b129-4813-84ac-91328af71882}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.50.0 - Samsung Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Sandboxie-Plus v0.7.2 (HKLM\...\Sandboxie-Plus_is1) (Version: 0.7.2 - hxxp://xanasoft.com/)
SBMConsoleV2 (HKLM-x32\...\SBMConsoleV2_is1) (Version: - 2BrightSparks)
SBMServiceV2 (HKLM-x32\...\SBMServiceV2_is1) (Version: - 2BrightSparks)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.9.2.0 - Seagate)
Seagate Drive Settings Installer (HKLM-x32\...\{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC) Hidden
Seagate Drive Settings Installer (HKLM-x32\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 14.1.0 - ShareX Team)
Sky Go 22.7.1.0 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\com.bskyb.skygoplayer_is1) (Version: 22.7.1.0 - Sky)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.8 - Safer-Networking Ltd.)
Startup Delayer v3.0 (build 366) (HKLM-x32\...\Startup Delayer) (Version: 3.0 (build 366) - r2 Studios)
SyncBackPro x64 (HKLM-x32\...\SyncBackPro64_is1_is1) (Version: 10.2.39.0 - 2BrightSparks)
TeraCopy version 3.2 (HKLM\...\TeraCopy_is1) (Version: 3.2 - Code Sector)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.2.0 - Helios)
TIDAL (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\TIDAL) (Version: 2.30.0 - TIDAL Music AS)
TVR 4.8.2 (HKLM-x32\...\DTV_1.0) (Version: 4.8.2 - Astrometa)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Wake-On-LAN Sender 2.0.12 (HKLM-x32\...\Wake-On-LAN Sender_is1) (Version: 2.0.12 - Alexander Yarovy)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WhatsApp (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\WhatsApp) (Version: 2.2228.14 - WhatsApp)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 1.33.0.0 - Winaero)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinSCP 5.21.2 (HKLM-x32\...\winscp3_is1) (Version: 5.21.2 - Martin Prikryl)
X-Rite Device Services Manager (HKLM\...\{9E7734B1-71D2-4C78-9C55-0A8E0EEDB3A5}) (Version: 3.1.110.130 - X-Rite)
XYplorer 23.00 (HKLM-x32\...\XYplorer) (Version: 23.00 - Donald Lessau, Cologne Code Company)
Zoom (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08 [2022-08-05] (AMZN Mobile LLC.) [Startup Task]
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2331.2.0_x64__kgqvnymyfvs32 [2022-08-08] (king.com)
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.4.6.0_neutral__yxz26nhyzhsrt [2022-08-08] (Microsoft Corp.)
Date Picker for Excel -> C:\Program Files\WindowsApps\UniformSoftwareLimited.DatePickerforExcel_6.14.111.0_x64__nm35t2p0dgqtm [2022-07-22] (Uniform Software Limited)
Desktop Live Wallpapers -> C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktopWallpapers_1.2.17.0_neutral__agy8jafheqhng [2022-07-07] (Ambient Software) [Startup Task]
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.34.1.0_x64__6rarf9sa4v8jt [2022-07-29] (Disney)
Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.1.5965.0_x64__rz1tebttyb220 [2022-07-30] (Dolby Laboratories)
DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.121.0_x64__kzh8wxbdkxb8p [2022-04-10] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-04-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-04-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-29] (Microsoft Studios) [MS Ad]
Mouse Gestures -> C:\Program Files\WindowsApps\Microsoft.MouseGestures_0.6.17136.0_neutral__8wekyb3d8bbwe [2022-04-10] (Microsoft Corporation)
MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_1.0.50.0_x64__kzh8wxbdkxb8p [2022-07-07] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_1.0.42.0_x64__kzh8wxbdkxb8p [2022-04-10] (MICRO-STAR INTERNATIONAL CO., LTD)
Nebo -> C:\Program Files\WindowsApps\VisionObjects.MyScriptNebo_3.4.12933.0_x64__1rjv6qr7skr92 [2022-07-07] (MyScript)
NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2022-04-10] (Bruno Giordano)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-07-10] (NVIDIA Corp.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2022-07-07] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-02-12] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.30.258.0_x64__dt26b99r8h8gj [2022-04-10] (Realtek Semiconductor Corp)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2022-04-10] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2228.14.0_x64__cv1g1gvanyjgm [2022-08-10] (WhatsApp Inc.)
Windows App Runtime DDLM 3.469.1654.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x6_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)
Windows App Runtime DDLM 3.469.1654.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x8_3.469.1654.0_x86__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)
Windows File Recovery -> C:\Program Files\WindowsApps\Microsoft.WindowsFileRecovery_0.1.20151.0_x64__8wekyb3d8bbwe [2022-04-10] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.811.2117.484_neutral__8wekyb3d8bbwe [2022-08-11] (Microsoft Corporation)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_4.528.1755.0_x64__8wekyb3d8bbwe [2022-06-15] (Microsoft Corporation)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_4.528.1755.0_x86__8wekyb3d8bbwe [2022-06-15] (Microsoft Corporation)
WindowsAppRuntime.Main.1.0 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsAppRuntime.Main.1.0_4.528.1755.0_x64__8wekyb3d8bbwe [2022-06-15] (Microsoft Corp.)
WindowsAppRuntime.Singleton -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.Singleton_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{04271989-C4D2-01B2-B5E6-5448D0C39AF7} -> [contegosafety.co.uk] => C:\Users\Bob\contegosafety.co.uk [2021-05-18 09:38]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{04271989-C4D2-5181-AD22-71FA141D72F4} -> [Numerical Algorithms Group Ltd] => C:\Users\Bob\Numerical Algorithms Group Ltd [2021-07-20 13:56]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{04271989-C4D2-B16E-553D-D70123E598C1} -> [Gradient] => C:\Users\Bob\Gradient [2022-01-24 13:17]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{04271989-C4D2-C544-0519-24EB3E3C2825} -> [OneDrive - Gradient] => C:\Users\Bob\OneDrive - Gradient [2022-01-29 02:10]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\hhdhexneo.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{36B27788-A8BB-4698-A756-DF9F11F64F84}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{45769bcc-e8fd-42d0-947e-02beef77a1f5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F697-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F699-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F7DA-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F7DC-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F7DD-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\FileDocument.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Bob\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{8BC8AFC2-4E7C-4695-818E-8C1FFDCEA2AF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\FileDocument.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions) [File not signed]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\FileDocument.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{afbd5a44-2520-4ae0-9224-6cfce8fe4400}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\hhdhexneo.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{BFEE99B4-B74D-4348-BCA5-E757029647FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{ddee2b8a-6807-48a6-bb20-2338174ff779}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Bob\Dropbox [2021-06-15 17:22]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{ec52dea8-7c9f-4130-a77b-1737d0418507}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{FD848478-65F5-4F01-ACD9-69195EC3631F}\localserver32 -> "C:\Program Files\cFosSpeed\cfosspeed.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1-x32: [BatchRename Shell] -> {407B7FEE-9820-4B36-A1BF-6469C52300A0} => C:\Program Files (x86)\BatchRename Pro\BatchRenShell.dll [2008-06-15] (foryoursoft.com) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2022-04-29] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [File not signed]
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2022-04-29] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2022-07-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2022-04-29] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\nvshext.dll [2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6-x32: [BatchRename Shell] -> {407B7FEE-9820-4B36-A1BF-6469C52300A0} => C:\Program Files (x86)\BatchRename Pro\BatchRenShell.dll [2008-06-15] (foryoursoft.com) [File not signed]
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2020-09-26] (Open-Shell) [File not signed]
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [File not signed]
ContextMenuHandlers1_S-1-5-21-1182144281-2128924332-3640585907-1001: [TextPad] -> {ABECE8A0-FF84-4efb-82AE-9B3181CE097D} => C:\Program Files (x86)\TextPad 5\System\shellext64.dll [2007-03-27] (Helios Software Solutions) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Bob\Dropbox\StartNAS_Wait.bat - Shortcut.lnk -> C:\Users\Bob\Dropbox\StartNAS_Wait.bat ()
Shortcut: C:\Users\Bob\Documents\scrcpy-win64\Wake_Shield.bat - Shortcut.lnk -> C:\Users\Bob\Documents\scrcpy-win64\Wake_Shield.bat ()
Shortcut: C:\Users\Bob\Desktop\Shield.lnk -> C:\ProgramData\chocolatey\lib\scrcpy\tools\Wake_Shield.bat ()
Shortcut: C:\Users\Bob\Desktop\Gradient Files\Shield.lnk -> C:\ProgramData\chocolatey\lib\scrcpy\tools\Wake_Shield.bat ()
Shortcut: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rubberduck\Repair VBE Addin registration.lnk -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.RegisterAddIn.bat ()
Shortcut: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm
ShortcutWithArgument: C:\Users\Bob\Desktop\Bob.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Bob"
ShortcutWithArgument: C:\Users\Bob\Desktop\Gradient.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Gradient"
ShortcutWithArgument: C:\Users\Bob\Desktop\Miscellaneous\Bob (Gradient) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile2"
ShortcutWithArgument: C:\Users\Bob\Desktop\Miscellaneous\Bob - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="default"
ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\HTTP Archive Viewer.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Profile2 --app-id=ebbdbdmhegaoooipfnjikefdpeoaidml
ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bob - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="default"
ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Coretime Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile2"
ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Bob (Gradient) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Profile2

==================== Loaded Modules (Whitelisted) =============

2022-05-15 18:23 - 2022-04-24 16:06 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2022-05-15 18:23 - 2022-04-24 16:06 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2020-01-30 17:17 - 2020-01-30 17:17 - 001664512 _____ () [File not signed] C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2022-08-14 10:25 - 2017-03-14 15:51 - 001714688 _____ () [File not signed] C:\Program Files\TeraCopy\TeraCopy64.dll
2022-05-06 19:56 - 2022-05-06 19:56 - 000011776 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Reaver.SuperResolution.dll
2022-05-06 19:56 - 2022-05-06 19:56 - 000024576 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Reaver.SystemControlWin32.dll
2022-05-06 19:56 - 2022-05-06 19:56 - 076321280 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.dll
2021-12-13 19:34 - 2021-12-13 19:34 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\e_sqlite3.dll
2022-02-10 13:53 - 2022-02-10 13:53 - 000164352 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\libpryon_lite-PRL2000.dll
2022-05-06 19:56 - 2022-05-06 19:56 - 006132224 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\NativeRingService.dll
2022-05-06 19:56 - 2022-05-06 19:56 - 000050176 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Reaver.Components.dll
2022-05-06 19:56 - 2022-05-06 19:56 - 000027136 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Reaver.Http.Curl.Shim.dll
2022-05-06 19:56 - 2022-05-06 19:56 - 000032256 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Reaver.Intel.Shim.dll
2021-03-21 11:51 - 2009-08-16 18:06 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2022-07-22 14:53 - 2022-07-22 14:53 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2022-07-22 14:53 - 2022-07-22 14:53 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2022-06-05 10:28 - 2021-01-07 18:01 - 000034304 _____ (Atif Aziz, Colin Ramsay) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\Fizzler.dll
2021-12-30 17:44 - 2018-11-15 15:08 - 002200784 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\IcMSIDll.dll
2022-05-15 18:23 - 2022-04-24 16:06 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2007-03-27 14:23 - 2007-03-27 14:23 - 000058368 _____ (Helios Software Solutions) [File not signed] C:\Program Files (x86)\TextPad 5\System\shellext64.dll
2021-10-30 15:44 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-03-13 13:19 - 2022-03-13 13:19 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2022-03-13 13:19 - 2022-03-13 13:19 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2022-06-05 10:28 - 2022-04-11 14:16 - 000753152 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\Svg.dll
2021-12-30 17:44 - 2018-08-31 08:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\MsIo32_Galax.dll
2020-09-26 14:47 - 2020-09-26 14:47 - 000975872 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\ClassicExplorer64.dll
2020-09-26 14:47 - 2020-09-26 14:47 - 002659328 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2020-09-26 14:48 - 2020-09-26 14:48 - 000562688 _____ (Open-Shell) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2022-06-05 10:28 - 2022-05-07 20:49 - 000441856 _____ (Sentry.io) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\Sentry.dll
2022-06-05 10:28 - 2022-04-21 10:18 - 001801216 _____ (Six Labors) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\SixLabors.ImageSharp.dll
2022-08-12 11:53 - 2021-06-19 01:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2022-07-22 14:53 - 2022-07-22 14:53 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2022-05-06 19:56 - 2022-05-06 19:56 - 002609152 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\libcurl.dll
2022-06-05 10:28 - 2020-10-26 12:35 - 002398208 _____ (The Legion of the Bouncy Castle Inc.) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\BouncyCastle.Crypto.dll
2022-05-30 15:34 - 2020-06-17 11:01 - 001380864 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\2BrightSparks\SBMServiceV2\libeay32.dll
2022-05-30 15:34 - 2020-06-17 11:01 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\2BrightSparks\SBMServiceV2\ssleay32.dll
2022-05-15 18:23 - 2022-04-24 16:06 - 001359872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
2022-05-15 18:23 - 2022-04-24 16:06 - 000365056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll
2022-08-12 11:53 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2022-08-12 11:53 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll
2021-03-20 21:26 - 2020-06-17 11:01 - 002293248 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\2BrightSparks\SyncBackPro\libeay32.dll
2021-03-20 21:26 - 2020-06-17 11:01 - 000386560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\2BrightSparks\SyncBackPro\ssleay32.dll
2022-07-22 14:53 - 2022-07-22 14:53 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2022-07-22 14:53 - 2022-07-22 14:53 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
2022-07-30 11:28 - 2021-04-14 08:51 - 002523136 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS CleanGenius\bin\libcrypto-1_1.dll
2022-07-30 11:28 - 2021-04-14 08:51 - 000531456 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS CleanGenius\bin\libssl-1_1.dll
2022-01-12 17:46 - 2016-10-04 05:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\SDKDLL.dll
2021-09-12 18:20 - 2021-09-12 18:20 - 000266752 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\bass.dll
2021-09-12 18:20 - 2021-09-12 18:20 - 000112640 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\bassmidi.dll
2021-09-12 18:20 - 2021-09-12 18:20 - 000045056 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\bassmix.dll
2020-01-30 17:17 - 2020-01-30 17:17 - 001502208 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1iO.dll
2020-01-30 17:17 - 2020-01-30 17:17 - 003962368 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Pro.dll
2020-01-30 17:17 - 2020-01-30 17:17 - 001492480 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro3\i1iO3.dll
2020-01-30 17:17 - 2020-01-30 17:17 - 003992576 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro3\i1Pro3.dll
2020-01-30 17:18 - 2020-01-30 17:18 - 000150016 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro3\i1pro3.xrdevice
2020-01-30 17:17 - 2020-01-30 17:17 - 002359296 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1isis\EyeOne_iSis.dll
2020-01-30 17:17 - 2020-01-30 17:17 - 001019392 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Fun.dll
2020-01-30 17:17 - 2020-01-30 17:17 - 001162752 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro3\i1Pro3Fun.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B0D4D817 [213]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.cmd: => <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-08-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-08-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2020-09-26] (Open-Shell) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2020-09-26] (Open-Shell) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2020-09-26] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
Toolbar: HKLM - &ClipMate ClipBar v7.5 - {F60C63CE-52AF-4915-AAC9-F100FCDE270F} - C:\Program Files (x86)\ClipMate7\ClipMateDeskBand.dll [2013-03-20] (Thornsoft Development, Inc. -> Thornsoft Development, Inc)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2020-09-26] (Open-Shell) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.

IE trusted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\sharepoint.com -> hxxps://gradientconsulting-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\sharepoint.com -> hxxps://gradientconsulting-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\sharepoint.com -> hxxps://gradientconsulting-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-15 16:34 - 2022-08-14 10:04 - 000328490 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 app-sj01.marketo.com*
0.0.0.0 analytics.ff.avast.com
0.0.0.0 analytics.ns1.ff.avast.com
0.0.0.0 v7event.stats.avcdn.net
0.0.0.0 v7.stats.avcdn.net
0.0.0.0 analytics.rollout.io
0.0.0.0 a.fiksu.com
0.0.0.0 sdk.fiksu.com
0.0.0.0 static.hotjar.com
0.0.0.0 flow.lavasoft.com
0.0.0.0 telemetry.servers.getgo.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 ws.mcafee.com
0.0.0.0 analytics.ccs.mcafee.com
0.0.0.0 analyticsdcs.ccs.mcafee.com
0.0.0.0 h.online-metrix.net
0.0.0.0 analytics.paddle.com
0.0.0.0 carcharodon.trendmicro.com
0.0.0.0 cdn.segment.com
0.0.0.0 api.segment.io
0.0.0.0 mobile-service.segment.com

2021-11-03 14:51 - 2021-11-03 14:55 - 000000440 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\dBpoweramp;C:\Program Files\dotnet\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Python27;C:\Program Files (x86)\EaseUS\Todo Backup\bin;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\PE_C_.NET V4.5\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\PE_C_.NET V4.5 CLASSIC\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\PE_C_DEFAULTAPPPOOL\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Local\DisplayFusion\Wallpaper_1.png
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaper_1.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\StartupApproved\Run: => "LogiBolt"
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "LogiBolt"
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C"
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "GoogleDriveFS"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{2E20CC40-9CDF-4E9A-B3A2-DE160C1E4643}] => (Allow) LPort=32682
FirewallRules: [UDP Query User{4DDB7D3C-B14C-4CFB-8AC6-86FBDE0C88F3}C:\users\bob\appdata\local\tidal\app-2.28.0\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.28.0\tidal.exe => No File
FirewallRules: [TCP Query User{0838995E-02B0-42D1-BB2B-C572F344547F}C:\users\bob\appdata\local\tidal\app-2.28.0\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.28.0\tidal.exe => No File
FirewallRules: [UDP Query User{CF4198A7-B80F-4F38-8F3B-378D1EC55DB1}C:2\forzahorizon5.exe] => (Allow) C:2\forzahorizon5.exe => No File
FirewallRules: [TCP Query User{E7237AAF-2B3E-4F21-8954-6A45FA32BEE0}C:2\forzahorizon5.exe] => (Allow) C:2\forzahorizon5.exe => No File
FirewallRules: [{6209463D-38B3-442A-AD13-73D8FD619287}] => (Allow) C:\Program Files\SABnzbd\SABnzbd-console.exe (The SABnzbd-Team) [File not signed]
FirewallRules: [{77FF66F1-E9B5-4634-86E6-65C62BDA92B5}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-Team) [File not signed]
FirewallRules: [{933D5555-ADB7-4C5C-A808-DF4681EE6FAA}] => (Allow) C:\Program Files\SABnzbd\SABnzbd-console.exe (The SABnzbd-Team) [File not signed]
FirewallRules: [{A2AC5FAA-E7CE-4052-B75A-5A8723B2A6EC}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-Team) [File not signed]
FirewallRules: [{6C24BFA4-6C86-43E0-95EC-EF7C7EDFF4D4}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{59363364-FE71-4560-9A1C-0C3AF200B5D2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{0651473B-DD1C-41BC-84B7-DC6E63DA3F4E}] => (Allow) C:\Users\Bob\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BDF8BCEC-E580-4F15-8C3A-F2FA5C968A09}] => (Allow) C:\Users\Bob\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A9855F24-BA81-4642-B70A-4AD5FCCCD52C}] => (Allow) C:\Users\Bob\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4285BF2B-814C-408A-9025-238082B986A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{D20AB119-6373-42B6-B7D0-CB0FCAB12031}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [UDP Query User{7D0BAB81-ACF3-4276-97EA-96419D516663}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{F1A3EAA9-E5BC-4CDB-8BA3-7D043D72E61F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E2FB62E5-0CE5-4E2D-824D-47AE733024E9}] => (Allow) C:\Program Files\Marcs Updater\Marcs Updater.exe (Open Source Developer, Marc Hörsken -> Marc Hörsken)
FirewallRules: [{CEFD070A-418E-43BB-9593-AEC49D53F9CA}] => (Allow) C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe () [File not signed]
FirewallRules: [{80732829-2300-4737-8750-0BF987AF3B36}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{23582651-FBE0-4040-B21C-12C59CE15025}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{313190DD-5D08-49A7-AD79-062603A4ED04}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{A3ACF260-8B34-45E9-9A7E-A0245C6D8495}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{1865478C-C321-4F8A-9917-5B4AF5C6BC97}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHelperWin8.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{E7A2A53C-9EE5-4C7F-83CA-226C8297DDDA}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHelperWin8.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{9CA2861E-0E4D-44F9-AB3C-3D17F05B5848}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5032.exe => No File
FirewallRules: [{04F9D5C7-57E4-4B19-9522-9A93BAA6A578}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5032.exe => No File
FirewallRules: [{7FA052FE-C5A5-4B88-9A49-EA3FD0D5A5A4}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5064.exe => No File
FirewallRules: [{78AAA5FA-E70D-4E0D-9933-1FAAD72E0B70}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5064.exe => No File
FirewallRules: [{ADD92530-E5CB-4D6C-B8BE-3FEA14DEBE14}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe => No File
FirewallRules: [{DDE6CE52-9F30-4CE2-A6B7-275BA49D29D2}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe => No File
FirewallRules: [{A078ECAE-0237-46C5-8E09-0216E44B6E3C}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe => No File
FirewallRules: [{D11DDA8C-291D-4456-83FB-537BDE67D0AF}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe => No File
FirewallRules: [{26179CE7-2B91-4DA4-AFCE-50C24E713E17}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{1BB65282-F2AF-42BF-9017-FC5E14058BC6}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{A4A93038-A795-427F-AB9E-F4F7D5978E14}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionSettings.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{E7C37D08-1848-48D4-BF8E-A1059743AA0E}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionSettings.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{8F354961-D964-41E9-A47F-A21858D14DBB}] => (Block) C:\Program Files (x86)\DisplayFusion\unins000.exe => No File
FirewallRules: [{FB1298C0-8189-4D6D-9503-58A7BAC457C1}] => (Block) C:\Program Files (x86)\DisplayFusion\unins000.exe => No File
FirewallRules: [TCP Query User{C8A6CDF1-8ED1-488D-A2C5-B9ACD1FE283B}C:\users\bob\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\bob\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{691AE282-6E72-4331-805B-62A8B3F389BD}C:\users\bob\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\bob\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B5510138-266B-4C0C-8CF0-75127221286F}C:\users\bob\appdata\local\tidal\app-2.29.7\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.29.7\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{B832207B-277F-4557-829B-D8C67041F769}C:\users\bob\appdata\local\tidal\app-2.29.7\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.29.7\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [TCP Query User{5B29A39D-F18C-4AD5-A039-5F071753EB91}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{E98D3FF4-3001-4417-8429-42701FD27CBD}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{535396DD-C819-4D42-9C2D-E5FF3B92309F}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Connect64\Connect.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{A488E094-DDAF-494F-A626-C8623EFB9A93}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Connect64\Connect.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{9A9A201F-CB14-4180-809F-4B1326C09B3A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\CorelPS2PDF.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{18711DC2-BF37-49C2-8F17-EDEB72178E78}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\CorelPS2PDF.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{4CE03474-0F05-4700-B432-FCD2502E28F5}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\ooxmlConvert.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{04B986FC-BE40-4A57-B293-2E7C883A6435}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\ooxmlConvert.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{D0130BF4-793E-414D-84B0-95D66874DCF4}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\ooxmlConvertInstaller.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{A10BA95F-E6FB-4FD6-9A59-810E7BEEA871}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\ooxmlConvertInstaller.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{9AF69C40-9182-452C-BFC4-F550FD894D9A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\BarCode.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{65E6A799-0C60-4BEF-B315-AB0480001E7A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\BarCode.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{9E0073AD-0272-45A9-A575-EAE514620274}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CdrConv.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{20356890-1914-432F-A2ED-DFA903176208}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CdrConv.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{31C212B7-977C-4CC1-8F4D-2F56B05E7E50}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CorelDRW.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{5FF551FC-9ABA-412E-ABAE-A4B58E9A7B12}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CorelDRW.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{EA72EEE5-F96D-4A78-A0A1-7E03A8A11CB3}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{6BA2811F-F7A4-49D2-B2CE-3E9DB915FDA5}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{CEBDFFF2-F755-417A-AFC8-EE5798C0255F}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CrlUISvr.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{098C3D97-7B68-4041-8056-E4B0052D2210}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CrlUISvr.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{D6EA38CA-F3F1-4555-BD6A-EFBF3642F78B}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\Designer.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{9B6AE120-16E6-4028-8024-45487DEF05A5}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\Designer.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{40FACE51-0721-44C2-BA7D-E2FC991EEA42}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\FontService.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{BA98E2EE-3B8F-412A-8ED9-F8D275F62EE7}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\FontService.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{290F8143-ED78-4CB7-803D-F07C26A7868C}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\InterprocessController.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{44961956-5B54-4324-9C72-BD72AF405268}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\InterprocessController.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{22663852-4739-40C5-ACD8-497227DBB1AA}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\IPPInstaller.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{B2AAD368-39A5-4434-B407-9B1085D98D43}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\IPPInstaller.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{CE1F1290-CAED-46A4-8418-392A54183100}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\PrintWiz.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{4F6F0255-C8AC-486A-A330-A931FAB889DD}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\PrintWiz.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{27A43D21-E3B5-446E-8ED2-54CE291CF06A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\RegisterCDTS.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{EB7F7A81-4003-4CE6-A044-8D9A4FE4E0A6}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\RegisterCDTS.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{A62D123B-6295-424D-A821-1AE9D50B3F32}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\Setup.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{10C31BD3-7158-4801-9A9A-352C0163EA95}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\Setup.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{24CE1021-EDDF-4022-815D-61B08013D34A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\SetupARP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{6603CB8F-AC85-41AF-8A23-B0513330A9FB}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\SetupARP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{22A4F805-573F-45D6-8CA7-91FDD978CADE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5B84AB25-DE16-4FD6-B5D6-436A345C5099}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{F47F4BBA-597B-4087-B846-320DD9953790}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => No File
FirewallRules: [TCP Query User{2BF313DD-626F-480F-9361-0205BE3ABCA3}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{79911674-88D9-4C33-BD44-CC7A96F1A0A1}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => No File
FirewallRules: [{EB41D21A-6648-42B8-8514-598CAA8FC310}] => (Allow) LPort=6789
FirewallRules: [TCP Query User{65171673-A781-4301-933B-05D55A523348}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{125BF98B-0375-4900-8356-410265F2FA58}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => No File
FirewallRules: [{9FAC8484-FED8-4FDE-992D-6CAAC727B067}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-Team) [File not signed]
FirewallRules: [{ED24C4B2-94B1-4A42-BA31-5B1E646BDC36}] => (Allow) C:\Program Files\SABnzbd\SABnzbd-console.exe (The SABnzbd-Team) [File not signed]
FirewallRules: [TCP Query User{514B5D7D-9148-466B-9D16-582B673AFCBD}C:\users\bob\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.30.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{99995C9C-B7EF-4996-A385-65D0F2743EC4}C:\users\bob\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.30.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [{6F61A388-3937-4848-AD50-6EBF9D7EAB50}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
FirewallRules: [{D6041A70-FC4D-4CA1-A620-1936DA95A6C3}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
FirewallRules: [{E51060CC-DCCD-4BB8-9BAC-320FBFD6F2B5}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
FirewallRules: [{1F5B4E56-2065-4149-BF76-AC4B11C73B9E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B3EF130-DCE6-4180-AE05-6B5398137B66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{64B1333E-344D-4399-BB57-5DCEB35553EF}C:\program files\galaxy watch studio\galaxywatchstudio.exe] => (Allow) C:\program files\galaxy watch studio\galaxywatchstudio.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{0E9D817F-9720-4591-8974-E7FE0E0647CD}C:\program files\galaxy watch studio\galaxywatchstudio.exe] => (Allow) C:\program files\galaxy watch studio\galaxywatchstudio.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [TCP Query User{91E37829-9397-4F3A-9FDE-565CFC2BCC4D}C:\program files\galaxy watch studio\tizen\tools\sdb.exe] => (Allow) C:\program files\galaxy watch studio\tizen\tools\sdb.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{A26AF322-D0C7-4E60-A5E9-343CD3DA40C9}C:\program files\galaxy watch studio\tizen\tools\sdb.exe] => (Allow) C:\program files\galaxy watch studio\tizen\tools\sdb.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{DCEFCEEC-1C18-4898-A41A-444280E2B4AC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{B9B293AA-7F08-40F8-9C63-DB1C856510AD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{58732D40-7F51-44C5-A565-2AD15C252AD3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{BB6C6413-DC63-4C7B-B5A1-FCCB4735EAB0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{F57391EC-43FD-4910-BCC0-38259ECDB8BD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{92FCCC40-3437-46FB-A3AE-DC7517C81F2C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{C07B676B-D4DD-4959-8069-5C0EE1E86C3F}] => (Allow) C:\Program Files (x86)\2BrightSparks\SBMServiceV2\SBMService.exe (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte Ltd)
FirewallRules: [{AD75A8A4-93E8-4D09-8CC2-90BB4977FCF5}] => (Allow) C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
FirewallRules: [{44A5EED4-4AC4-4AA6-8E46-6CE942512B4E}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{DB6CE225-82CC-49CD-9CA4-31FDFD876FAB}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{82E48A0A-074F-4986-8981-D447EF70A116}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{D3A72666-8964-4CD7-B9B1-E88401A23A5D}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{0DEEDF41-0B12-4116-A21E-A57521559A26}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHelperWin8.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{E0D09879-7CD3-48DE-A3D3-715C9E5FB897}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHelperWin8.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{03578454-2CAA-41AC-9968-2AC4D0AA8AA3}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{E73A7B3E-F8A1-4F52-97CB-6A899218DED7}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{4D8BD6F8-AB28-4016-86C6-CFB3426048FB}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{44C6A679-3691-4942-BAF7-27A74EF242DE}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{67FE3314-8EAC-4031-87F2-1F7BC4B6C754}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{912263CB-20F7-4A26-A44D-D91249DAF4FE}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{C77F444B-B62D-494E-BB82-440B3B487369}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionSettings.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{225F4E53-8933-4490-A9E1-FA8AB1F006F4}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionSettings.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{49414D78-01CD-4EBC-A486-311C5EF05BC9}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionWebBrowserProxy.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{A0D3DE9E-5E93-4315-9F76-AC25B1CC318B}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionWebBrowserProxy.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{9489D0B9-3D12-449A-A0E2-7BBEAA70DA72}] => (Block) C:\Program Files (x86)\DisplayFusion\unins001.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [{7A43F454-F356-4D23-A03F-B75697617C77}] => (Block) C:\Program Files (x86)\DisplayFusion\unins001.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
FirewallRules: [TCP Query User{62CFBA62-6DF7-4F15-8BDD-06DED3BFC74F}C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe => No File
FirewallRules: [UDP Query User{95BACF11-F3D8-4FA1-8479-5D82C9EBE517}C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe => No File
FirewallRules: [{EFD74D45-368C-43F4-B81E-9EC62ED53120}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{2EE573D7-06C6-4D34-8ED8-AA3DE19A96D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{EFB22841-96B8-4F64-AB07-05C74C9A2C67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9C293EA8-A203-4DB3-9C0D-997E88419E01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{99FDF259-46B9-4C96-9188-307A0C200E00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9797CDF2-40D6-48DE-BFB7-A4D82D37252D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{210942CC-4A95-49DB-B0B6-44674807246C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{227980D6-D543-4717-A197-6C2E688CED7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DB372AC7-6A1F-4D6F-91FB-A84A35EEB911}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E45A287-2532-4214-A972-C3BCDF0AF4D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F8BBF6A-9453-4FB9-8472-455866E5B15C}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{B3889E32-B1B2-406C-B876-2388D4CA23A7}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{88F257DB-6152-4CF1-882C-7669C95D1459}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{F5091196-AB2F-4F8D-87AA-95C285D1A4FC}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [TCP Query User{9289CF16-B6B8-4D11-B11B-A87327B65C9B}C:\program files\aquila technology\wakeonlan\wakeonlan.exe] => (Allow) C:\program files\aquila technology\wakeonlan\wakeonlan.exe => No File
FirewallRules: [UDP Query User{9A84B66D-E4D0-4793-84C4-5B0F05E1311D}C:\program files\aquila technology\wakeonlan\wakeonlan.exe] => (Allow) C:\program files\aquila technology\wakeonlan\wakeonlan.exe => No File
FirewallRules: [{C5589044-7974-4A7C-B246-36B663A4FDEB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{80D60984-3C7F-463F-926F-0C35C7D65765}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5B5F4D63-76EB-4FF8-BDA0-188965EC3221}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C3DA7CEE-DDE0-47CC-9668-BF7C980D1199}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{520DA2AF-18F8-4421-87B4-88DD27B58A19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D26213B0-3784-43D9-8691-5787706B641A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{694B1D4C-A1CD-47E6-A4B6-A73EAF0CA74F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{542965AB-627A-4046-ADC5-6A8BA21DB16C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2BD97239-C28D-4A73-8311-7698A4A3B241}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D58A0535-5F3E-4F57-8B52-CE889DAAA425}C:\program files\java\jdk-18.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-18.0.2\bin\javaw.exe
FirewallRules: [UDP Query User{2CC4B705-1398-4CFE-AFC1-C91D870F542C}C:\program files\java\jdk-18.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-18.0.2\bin\javaw.exe
FirewallRules: [{B889AFC4-858B-42BB-97A9-89C5E6D08A39}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BB91C577-17DD-4118-A46C-D7F31DBEE9F5}] => (Allow) LPort=9
FirewallRules: [{400AC16F-F4ED-4F43-8CCE-0104D390A749}] => (Allow) C:\Users\Bob\AppData\Local\Programs\Opera\89.0.4447.91\opera.exe => No File
FirewallRules: [{B194A1DD-F23B-40ED-9427-EB04C2E4E352}] => (Allow) LPort=32682
FirewallRules: [{06FF119F-2418-4764-B0FC-323E93D068E8}] => (Allow) LPort=26822
FirewallRules: [{62358E06-784A-41A6-8EC9-422D57A52646}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/14/2022 11:06:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 4.8.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 8378

Start Time: 01d8afc563cb65c2

Termination Time: 4294967295

Application Path: D:\Downloads\FRST64.exe

Report Id: 17433052-8a25-4258-8058-a69cedcbb29f

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (08/14/2022 10:27:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: teracopy.exe, version: 3.2.0.0, time stamp: 0x5965a745
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1889, time stamp: 0xdc0d8494
Exception code: 0xc000041d
Fault offset: 0x0012ca42
Faulting process ID: 0x1d8c
Faulting application start time: 0x01d8afc0122a7e6d
Faulting application path: C:\Program Files\TeraCopy\teracopy.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: a874f08a-8109-4ee5-918c-e2351123ea2c
Faulting package full name:
Faulting package-relative application ID:

Error: (08/14/2022 10:27:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: teracopy.exe, version: 3.2.0.0, time stamp: 0x5965a745
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1889, time stamp: 0xdc0d8494
Exception code: 0x0eedfade
Fault offset: 0x0012ca42
Faulting process ID: 0x1d8c
Faulting application start time: 0x01d8afc0122a7e6d
Faulting application path: C:\Program Files\TeraCopy\teracopy.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: fb89805d-10d0-4f4a-bcd6-d6bb50da0051
Faulting package full name:
Faulting package-relative application ID:

Error: (08/14/2022 10:17:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.1889 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5958

Start Time: 01d8afbcf4b58b60

Termination Time: 13

Application Path: C:\Windows\explorer.exe

Report Id: f11143fa-42cf-43d7-99c9-8492def03c9e

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (08/14/2022 10:05:07 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: BOBS-RYZEN)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (08/14/2022 01:26:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program XYplorer.exe version 23.0.0.100 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 8094

Start Time: 01d8af744a1ae61f

Termination Time: 60000

Application Path: C:\Program Files (x86)\XYplorer\XYplorer.exe

Report Id: 17a58ebc-b90a-4123-b8f6-be21ede33237

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (08/14/2022 12:42:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TeraCopy.exe version 3.5.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 7bdc

Start Time: 01d8af6e05736b3f

Termination Time: 8

Application Path: C:\Program Files\TeraCopy\TeraCopy.exe

Report Id: c79f1cb2-d092-4f95-a9ee-1804c402242b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (08/14/2022 12:25:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program powershell.exe version 10.0.19041.546 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5b54

Start Time: 01d8af6ba950afa3

Termination Time: 4294967295

Application Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Report Id: 9583e2ea-2591-4e3b-9495-c3d7a0d92cd7

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle


System errors:
=============
Error: (08/14/2022 10:04:42 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/14/2022 10:04:22 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (08/14/2022 10:04:21 AM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (08/14/2022 10:04:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:02:57 AM on 8/14/2022 was unexpected.

Error: (08/14/2022 10:03:17 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/14/2022 10:02:51 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (08/14/2022 10:02:24 AM) (Source: DCOM) (EventID: 10005) (User: BOBS-RYZEN)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/14/2022 10:02:13 AM) (Source: DCOM) (EventID: 10005) (User: BOBS-RYZEN)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal


Windows Defender:
================
Date: 2022-08-12 18:05:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-12 16:14:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-12 14:52:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-12 12:51:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-12 12:06:58
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Creprote&threatid=224324&enterprise=0
Name: PUA:Win32/Creprote
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Bob\AppData\Local\01kith2k.lhh\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0m0dkmt2.1ce\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0m5q0ezt.3hm\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0psgu0iq.j2u\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0ssc1auq.av5\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0vsxcipw.q5u\MasterService.exe; file:_C:\Users\Bob\AppData\Local\1ceuhy1b.kwn\MasterService.exe; file:_C:\Users\Bob\AppData\Local\1igqqk2j.q1d\MasterService.exe; file:_C:\Users\Bob\AppData\Local\afwenegq.3lg\MasterService.exe; file:_C:\Users\Bob\AppData\Local\alzojfwo.20w\MasterService.exe; file:_C:\Users\Bob\AppData\Local\awduja1j.q42\MasterService.exe; file:_C:\Users\Bob\AppData\Local\b5hc1yxu.rsd\MasterService.exe; file:_C:\Users\Bob\AppData\Local\bgimbzqj.l2q\MasterService.exe; file:_C:\Users\Bob\AppData\Local\btvrkclu.cfb\MasterService.exe; file:_C:\Users\Bob\AppData\Local\cccvwzn0.hns\MasterService.exe; file:_C:\Users\Bob\AppData\Local\cglwdahq.3rz\Ma
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Security intelligence Version: AV: 1.373.197.0, AS: 1.373.197.0, NIS: 1.373.197.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Event[0]:

Date: 2022-08-14 09:03:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.219.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2022-08-14 08:53:19
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-08-14 07:43:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.219.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2022-08-14 07:33:35
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-08-14 01:41:49
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2022-08-14 11:12:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-14 11:08:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. H.D0 05/14/2021
Motherboard: Micro-Star International Co., Ltd. X570-A PRO (MS-7C37)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 71%
Total physical RAM: 16305.71 MB
Available physical RAM: 4622.98 MB
Total Virtual: 29105.71 MB
Available Virtual: 8205.96 MB

==================== Drives ================================

Drive c: (W10 Sabrent 1TB) (Fixed) (Total:417.41 GB) (Free:214.4 GB) (Model: Sabrent Rocket 4.0 1TB) NTFS
Drive d: (Data) (Fixed) (Total:512.92 GB) (Free:388.54 GB) (Model: Sabrent Rocket 4.0 1TB) NTFS
Drive g: (OneDrive) (Fixed) (Total:476.94 GB) (Free:403.19 GB) (Model: Sabrent) NTFS
Drive y: (Google Drive) (Fixed) (Total:15 GB) (Free:5.53 GB) (Model: Sabrent Rocket 4.0 1TB) FAT32

\\?\Volume{db60f9d8-edd8-4696-9e6b-0430ee1a2619}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 078FBF1E)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 600F2637)

Partition: GPT.

==================== End of Addition.txt =======================

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by Bob (administrator) on BOBS-RYZEN (Micro-Star International Co., Ltd. MS-7C37) (14-08-2022 11:07:38)
Running from D:\FRST64
Loaded Profiles: Bob & Mr_Inc & Administrator
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
(C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
(C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
(C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe <45>
(C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <38>
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> ) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\Tablet\Pen\WacomHost.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(C:\Program Files\Tablet\Pen\WTabletServiceCon.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(C:\Program Files\Tablet\Pen\WTabletServiceCon.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(C:\Program Files\Tablet\Pen\WTabletServiceCon.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(cmd.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpn-browser-helper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(explorer.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(explorer.exe ->) (Cologne Code Company e.K. -> Cologne Code Company) C:\Program Files (x86)\XYplorer\XYplorer.exe
(explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\62.0.1.0\crashpad_handler.exe <3>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiBolt\LogiBolt.exe
(explorer.exe ->) (Martin Prikryl -> Martin Prikryl) C:\Program Files (x86)\WinSCP\WinSCP.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(explorer.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Michael Maltsev -> Ramen Software) C:\Users\Bob\AppData\Local\Programs\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Bob\apjwu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Bob\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte Ltd) C:\Program Files (x86)\2BrightSparks\SBMServiceV2\SBMService.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(services.exe ->) (Code Sector -> Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Open Source Developer, Marc Hörsken -> Marc Hörsken) C:\Program Files\Marcs Updater\Marcs Updater.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe <2>
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(services.exe ->) (Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(services.exe ->) (Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(services.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie-Plus\SbieSvc.exe
(services.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(services.exe ->) (X-Rite Incorporated -> X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(sihost.exe ->) (AMZN Mobile LLC.) C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Alexa.DesktopExtension.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <34>
(svchost.exe ->) () [File not signed] C:\Program Files (x86)\CTR 2.1 RC5\CTR 2.1.exe
(svchost.exe ->) (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.) C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe
(svchost.exe ->) (ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(svchost.exe ->) (AMZN Mobile LLC.) C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.exe
(svchost.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\EaseUS CleanGenius\bin\CleanGenius.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <6>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1852_none_7de3b01c7cacf858\TiWorker.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI Center\GameBar\MSI_GamebarTool.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\GameBar\TraceFPS.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Speed Up\StorageMonitor.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\True Color\New\MSI.True Color.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControlEngine.exe
(Thornsoft Development, Inc. -> Thornsoft Development, Inc.) C:\Program Files (x86)\ClipMate7\ClipMate.exe
(Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie-Plus\SandMan.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe [3378592 2021-10-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2342800 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [216576 2020-09-26] (Open-Shell) [File not signed]
HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1254400 2015-12-18] (r2 Studios) [File not signed]
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Bob\AppData\Local\Microsoft\Teams\Update.exe [2508520 2022-08-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [379360 2022-05-09] (EXPRSVPN LLC -> ExpressVPN)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 33554432
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe [51140424 2022-07-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe [51140424 2022-07-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe [51140424 2022-07-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Bob\AppData\Local\Microsoft\Teams\Update.exe [2508520 2022-08-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [326608 2022-05-14] (Binary Fortress Software Ltd -> Binary Fortress Software)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [852960 2022-05-09] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\DisplayFusion\DFSSaver.scr [260048 2022-05-14] (Binary Fortress Software Ltd -> Binary Fortress Software)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2642824 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Mr_Inc\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-01-20] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [GoogleDriveFS] => "C:\Program Files\Google\Drive File Stream\54.0.3.0\GoogleDriveFS.exe" --startup_mode (No File)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [GoogleChromeAutoLaunch_A9B92AAB5CEEDD843EABB5BEC0128566] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2851656 2022-07-30] (Google LLC -> Google LLC)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [Fences] => "c:\program files (x86)\stardock\fences\Fences.exe" /startup (No File)
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2642824 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2851656 2022-07-30] (Google LLC -> Google LLC)
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe [51140424 2022-07-28] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe [2022-08-09] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {045D998C-314A-49F1-9FC9-552D8DED69E9} - System32\Tasks\CleanGenius => C:\Program Files (x86)\EaseUS\EaseUS CleanGenius\bin\CleanGenius.exe [610440 2022-03-24] (CHENGDU YIWO Tech Development Co., Ltd. -> )
Task: {081A3F15-64E4-4182-A8D3-979187F89685} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-20] (Google LLC -> Google LLC)
Task: {09CA0EFF-2254-43E2-8C62-CDD2BFF37424} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0D7EF48C-D617-4EC4-B5ED-B5A4C137F189} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FCEC7C4-CE35-4178-9DF1-838B7DBD6EFC} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [31656 2020-01-30] (X-Rite Incorporated -> X-Rite Inc.)
Task: {1AC08E47-A844-4F6A-BB32-3EC84117F6C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-20] (Google LLC -> Google LLC)
Task: {2A7AEE39-A6E4-4E9F-B6B4-820E224196D6} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {3758D164-BAC3-490A-AAE3-27E59EEEA583} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2022-03-10] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {3940A08D-11A3-4226-8B33-0B17CCF86BEA} - System32\Tasks\PowerToys\Autorun for Bob => C:\Program Files\PowerToys\PowerToys.exe [1037712 2022-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C447E8C-2903-45A8-A5F6-B9DBFC82FCBF} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804408 2021-12-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {3C9A75A0-F003-4CAA-8E55-D11A0CA4B0F4} - System32\Tasks\iesqno => C:\Users\Bob\iesqno\apjwu.exe [940032 2016-10-09] (AutoIt Team) [File not signed] -> C:\Users\Bob\iesqno\ujkjiz.zrq
Task: {403D1F59-E492-466D-9BF9-BE7EE61F63F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4058F75D-D873-47CF-B1A5-B97227168ECD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {431D0DCF-97A8-4D5B-A901-A0E46755D0E9} - System32\Tasks\G2MUpdateTask-S-1-5-21-1182144281-2128924332-3640585907-1001 => C:\Users\Bob\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-05-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {4521D3FE-2225-4E58-BD7E-1727EFD03ED0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {49C7762D-A00E-4D97-8D54-B71FB3274D61} - System32\Tasks\2BrightSparks\SyncBackProx64\BOBS-RYZEN-Bob\SyncBackPro => C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe [92472864 2022-06-29] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
Task: {4F9049DE-D3E7-4B00-B16E-A31EC6102C39} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Spybot Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9456760 2021-12-06] (Safer-Networking Limited -> )
Task: {52710838-E9DC-44D4-BF6D-9CD6B2C3C4CE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145328 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {52DDCCF6-9EF6-4D93-84F8-4C2F826853F2} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {556ADBA4-EAB9-4C30-9325-C25972D6C299} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5948425F-CACD-496F-8592-8C907F98BDBA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145328 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C13E91B-CAEB-4582-A254-97F1DA0251D6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1005 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E31CB8C-0447-4075-ABB1-CA59738983D0} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {6214ECEC-59F0-43EF-B0ED-A36C812C951B} - System32\Tasks\DNS Updater => C:\Program Files\Marcs Updater\Marcs Updater.exe [1027160 2017-04-23] (Open Source Developer, Marc Hörsken -> Marc Hörsken)
Task: {6A1E6600-AA29-4F0A-BE22-29F1A484771E} - System32\Tasks\Disable_Wake => "C:\Users\Bob\Google Drive\Disable_Wake.cmd" (No File)
Task: {6C496493-7417-4A79-B1C2-7AFE38FE5237} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat (No File)
Task: {6E00475F-3A43-459D-A3A8-2CBB4761847B} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {75B997C1-C441-42F5-91EA-58584569AFDF} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {765690B6-F6FE-4E2F-82ED-E6B19F99A452} - System32\Tasks\Opera scheduled Autoupdate 1660301580 => C:\Users\Bob\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {796750CC-D804-4A31-8135-4707B6F8FB3B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {7A4EEE8F-E0FA-4A57-A8F2-3B0A4E8C87E8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7D79F85C-C83E-4741-B3B5-853247382D6F} - System32\Tasks\MSI Task Host - TraceFPS.exe => C:\Program Files (x86)\MSI\MSI Center\GameBar\TraceFPS.exe [2780144 2021-01-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.)
Task: {89A091DD-A31B-48B9-8160-3E0E626C3167} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9456760 2021-12-06] (Safer-Networking Limited -> )
Task: {8B496D98-602B-41EE-A52C-C9FF018DA47D} - System32\Tasks\Core Temp Autostart Bob => C:\Program Files\Core Temp\Core Temp.exe [1035096 2021-04-11] (ALCPU -> ALCPU)
Task: {8BBD004A-D85F-4E1A-B948-90C83687358B} - System32\Tasks\CorelUpdateHelperTask-E7E49F515F94C7506F5B32E4BFBD8DE2 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {8E9FA473-9FCD-4954-A349-AAB23245E83B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {998139B4-2C7A-474F-A7A7-50DC2F81BC88} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AA5E436-823A-4BED-97E7-50D8B766C45C} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [1952448 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {9AF99A77-6F6D-4B49-9031-40E9DA8D37AC} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A001E9FD-97C1-4DEB-A18F-DDE93C14140C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {A2971177-B9E6-42F5-9F34-8A44775EB5BF} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_Monitor (No File)
Task: {A5F3D623-6A86-47A1-B637-E126039361C3} - System32\Tasks\EVGAPrecisionX => C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe (No File)
Task: {AAAC17BD-F002-487C-BEA2-463B56CEB052} - System32\Tasks\MSI Task Host - MSI_GamebarTool.exe => C:\Program Files (x86)\MSI\MSI Center\GameBar\MSI_GamebarTool.exe [83256 2021-12-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {AECCF170-95CE-4BC6-9759-3AB67E2635DF} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_DisplayID (No File)
Task: {B41D06F5-33AB-4B2F-9739-E775781EF5E5} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2342800 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4406CE4-80C2-41BC-88A7-15310D811ACD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB19BB89-9159-47B6-877B-A0CB3B056854} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {BCD508EF-BC57-4D59-840A-19BC13CF0893} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {BEC39FA2-ED4C-4085-8C6B-A2E335E73C19} - System32\Tasks\CTR 2.1 RC5 => C:\Program Files (x86)\CTR 2.1 RC5\CTR 2.1.exe [970240 2021-05-12] () [File not signed]
Task: {BEC6885F-8D95-48D9-86BE-7863BF3B4C85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8406496 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF44B5DB-DCFD-4F2C-A6EA-7C7FA5328D7A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C3B51CAB-94BD-44D1-B8DB-87F595D37A37} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CBA31408-D5D0-4E13-A2EE-B202FA9E39AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {D5B2B445-B43B-46B5-8C64-A9D133E460E0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61856 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB051437-821E-47E9-B753-6826C22AFCAF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DB3D3C0A-0715-407A-A2AC-3F37BCC550C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8406496 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE3FB2F5-C93F-4A43-8650-1C02D5522EA8} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
Task: {E74B7231-1788-4D6E-AC75-0253160BE0DA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F268EAA4-FCD9-41EC-8C73-818475DD92C6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2E0B060-A840-46FA-BAF6-AC0CF3B61CD9} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [1962320 2021-12-16] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {F31B7866-F1E7-4468-89AA-11A4162D5F14} - System32\Tasks\2BrightSparks\SyncBackProx64\BOBS-RYZEN-Robert\SyncBackPro => C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe [92472864 2022-06-29] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
Task: {F4AC72B7-A657-4F10-89D9-593EFA1C6BE5} - System32\Tasks\G2MUploadTask-S-1-5-21-1182144281-2128924332-3640585907-1001 => C:\Users\Bob\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-05-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {F984F90B-3740-4420-8F4B-E3AB53B60E45} - System32\Tasks\Enable Wake => "C:\Users\Bob\Google Drive\Enable_Wake.cmd" (No File)
Task: {FC37C1A5-DC1A-433B-82E6-D1DB8D73EF2C} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1182144281-2128924332-3640585907-1001.job => C:\Users\Bob\AppData\Local\GoToMeeting\19950\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1182144281-2128924332-3640585907-1001.job => C:\Users\Bob\AppData\Local\GoToMeeting\19950\g2mupload.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2bad1b5b-1080-4576-a1a3-f4e473f299f4}: [NameServer] 10.151.0.1
Tcpip\..\Interfaces\{7228c8be-bf74-461f-8c92-86e938889c33}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-14]
Edge Notifications: Default -> hxxps://teams.microsoft.com
Edge NewTab: Default -> Active:"chrome-extension://iccjgbbjckehppnpajnmplcccjcgbdep/index.html"
Edge Extension: (Map Maker Overlay) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abbhipgjfgfpbedbhbihihpnfelpjldb [2021-05-18]
Edge Extension: (Selection Search) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\acnbnghploonojdneaapglimokkefngg [2021-12-04]
Edge Extension: (Highlight This: finds and marks words) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\afggjmaeddgckaafbkjlaacjmifmdoim [2021-05-18]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2022-08-10]
Edge Extension: (Sexy Undo Close Tab) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2021-05-18]
Edge Extension: (Web Developer) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2021-05-18]
Edge Extension: (Extension Manager) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bhahgfgngfghgjhnpplmemebhenieijb [2021-11-17]
Edge Extension: (Mute Tab) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blljobffcekcbopmkgfhpcjmbfnelkfg [2021-05-18]
Edge Extension: (Amazon Wish List Total) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\boekbkconiendicldakeboooeilaldmh [2022-07-19]
Edge Extension: (The Camelizer) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpggaanjmbjoahhknlajnhdhkljekpbg [2022-04-13]
Edge Extension: (Right-Click Search IMDb) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cbchccggcmgoabfolahgafbfapoejkcn [2022-06-21]
Edge Extension: (鼠标手势) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cbopgngpbfeoecnbebghbbhmdadmllce [2022-05-10]
Edge Extension: (efTwo (F2) - Advanced Find on Page) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ccaikggmppdolhcehimngikgiafmdcep [2021-05-18]
Edge Extension: (Stylus) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2022-06-04]
Edge Extension: (Ad-blocker for Gmail™) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2021-05-18]
Edge Extension: (Gmelius for Gmail) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2022-02-16]
Edge Extension: (SABctrl) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dhkfabgoljcjldkplbkgedghjgoggdfe [2021-05-18]
Edge Extension: (Typio Form Recovery) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2021-05-18]
Edge Extension: (Logitech Smooth Scrolling) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2021-05-18]
Edge Extension: (APNG) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2021-05-18]
Edge Extension: (Google Font Previewer for Chrome) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\engndlnldodigdjamndkplafgmkkencc [2022-07-08]
Edge Extension: (HTTPS Everywhere) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2022-05-25]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2022-06-21]
Edge Extension: (Avast Online Security & Privacy) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2022-07-24]
Edge Extension: (Web ) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fedimamkpgiemhacbdhkkaihgofncola [2022-01-06]
Edge Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2022-08-10]
Edge Extension: (Stylish - Custom themes for any website) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2022-08-14]
Edge Extension: (Zoom) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gdndpilddmlahjjcfmknlmindbklnbel [2021-05-18]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-07-08]
Edge Extension: (XPath Helper) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl [2021-05-18]
Edge Extension: (Tabs to the Front) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2021-05-18]
Edge Extension: (Close & Clean) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hjjlnpghgkgmnpjimgbblhggmbjlbmld [2021-05-18]
Edge Extension: (Eye Dropper) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2022-08-01]
Edge Extension: (ProductivityTab — Custom New Tab Dashboard) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iccjgbbjckehppnpajnmplcccjcgbdep [2022-08-14]
Edge Extension: (New Tab Redirect) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2021-05-18]
Edge Extension: (AutoPagerize) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2021-05-18]
Edge Extension: (YouTube Dark Theme) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihgmjddljpjooagcfkjjgojbfofknpmm [2022-01-28]
Edge Extension: (Tampermonkey) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iikmkjmpaadaobahmlepeloendndfphd [2022-05-27]
Edge Extension: (Row Highlighter for Gmail™ and Inbox™) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijfolchflbmnfopmpmodilcelmdakbfl [2021-05-18]
Edge Extension: (Cisco Webex Extension) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2022-07-24]
Edge Extension: (Call From Browser) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\impiikfnffjblkkefnplfonianmboaam [2021-05-18]
Edge Extension: (YouTube Comments Search and Analytics) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inifheokcihloefgjkdnmfklgfkakkjn [2021-05-18]
Edge Extension: (Chrome Remote Desktop) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2021-05-18]
Edge Extension: (Chrome extension source viewer) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2022-05-09]
Edge Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2021-05-18]
Edge Extension: (History Blocker by Site) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\keamekimefemnbgegbfkdkmbomaahfai [2021-05-18]
Edge Extension: (Gmail reverse conversation) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfgepjmmgamniaefbjlbacahkjjnjoaa [2022-05-16]
Edge Extension: (ColumnCopy) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lapbbfoohlcmlbdaakldmmallcbcbpjb [2021-05-18]
Edge Extension: (RemoveCookiesForSite) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lmfdblomdpkcniknaenceeogpgepocmm [2021-05-18]
Edge Extension: (Google Keep Chrome Extension) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2022-08-11]
Edge Extension: (IMDB Ratings Viewer) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mcmmjahiclndbfdkblfnopheledjibfl [2021-05-18]
Edge Extension: (Reload All Tabs) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2021-05-18]
Edge Extension: (Google Hangouts) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-17]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-07-19]
Edge Extension: (My IMDb) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngicopfkgbodejbbfalbmobdpjebhhmb [2021-07-08]
Edge Extension: (Youtube) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nipggfgilmoiofmnkbeabghbcaohmjih [2021-05-18]
Edge Extension: (ShareX) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlkoigbdolhchiicbonbihbphgamnaoc [2021-05-18]
Edge Extension: (Expensify Web Receipts) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2021-05-18]
Edge Extension: (Google Quick Scroll) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2022-05-16]
Edge Extension: (SABconnect++) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod [2021-09-19]
Edge Extension: (LinkedIn Extension) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\omhcfmofjcdakjciciffgbdoojiclhbn [2021-05-18]
Edge Extension: (Virtual Keyboard) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2021-05-18]
Edge Extension: (Personalized Web) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\plcnnpdmhobdfbponjpedobekiogmbco [2021-05-18]
Edge Profile: C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-08-01]

FireFox:
========
FF DefaultProfile: 0llbq56w.default
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\0llbq56w.default [2022-04-10]
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\89rtrf61.default-release [2022-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-08-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-08-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2022-08-14] <==== ATTENTION (Points to *.cfg file)

Chrome:
=======
CHR DefaultProfile: default
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob [2022-04-14] <==== ATTENTION
CHR Extension: (Slides) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-04-14]
CHR Extension: (Docs) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\aohghmighlieiainnegkcijnfilokake [2022-04-14]
CHR Extension: (Google Drive) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-04-14]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-04-14]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-14]
CHR Extension: (Sheets) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-14]
CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-04-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-14]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-04-14]
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default [2022-08-14]
CHR Notifications: Default -> hxxps://crmplus.zoho.eu; hxxps://meet.google.com; hxxps://spark.adobe.com; hxxps://track.dpd.co.uk
CHR NewTab: Default -> Active:"chrome-extension://iccjgbbjckehppnpajnmplcccjcgbdep/index.html"
CHR Extension: (Map Maker Overlay) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\abbhipgjfgfpbedbhbihihpnfelpjldb [2021-03-20]
CHR Extension: (Entanglement Web App) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2021-03-20]
CHR Extension: (Send to OneNote) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokbjibjnekbfdjilfpoknnokaffoinp [2021-03-20]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2021-03-20]
CHR Extension: (Web Developer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2021-03-20]
CHR Extension: (DuckDuckGo) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-08-10]
CHR Extension: (Mute Tab) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blljobffcekcbopmkgfhpcjmbfnelkfg [2021-03-27]
CHR Extension: (Slinky Elegant) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2022-08-10]
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-08-10]
CHR Extension: (Right-Click Search IMDb) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbchccggcmgoabfolahgafbfapoejkcn [2022-06-17]
CHR Extension: (efTwo (F2) - Advanced Find on Page) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccaikggmppdolhcehimngikgiafmdcep [2021-03-20]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-07]
CHR Extension: (Stylus) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2022-06-01]
CHR Extension: (Adblock for Youtube™) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-07-11]
CHR Extension: (Ad-blocker for Gmail™) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2021-03-20]
CHR Extension: (Tampermonkey) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-05-08]
CHR Extension: (Gmelius for Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2022-02-15]
CHR Extension: (SABctrl) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkfabgoljcjldkplbkgedghjgoggdfe [2021-04-18]
CHR Extension: (Typio Form Recovery) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2021-03-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2021-03-20]
CHR Extension: (Session Buddy) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2021-03-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-07-26]
CHR Extension: (APNG) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2021-03-20]
CHR Extension: (Google Font Previewer for Chrome) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\engndlnldodigdjamndkplafgmkkencc [2022-07-07]
CHR Extension: (Web ) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedimamkpgiemhacbdhkkaihgofncola [2021-12-18]
CHR Extension: (Highlight This: finds and marks words) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmbnmjmbjenlhbefngfibmjkpbcljaj [2022-07-25]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2022-08-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2022-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-20]
CHR Extension: (The Camelizer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2022-03-18]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-20]
CHR Extension: (Selection Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2022-04-10]
CHR Extension: (Extension Manager) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjldcdngmdknpinoemndlidpcabkggco [2021-11-05]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-07-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-08-10]
CHR Extension: (XPath Helper) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl [2021-03-20]
CHR Extension: (Tabs to the Front) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2021-03-20]
CHR Extension: (Close & Clean) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjlnpghgkgmnpjimgbblhggmbjlbmld [2021-03-20]
CHR Extension: (Eye Dropper) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2022-08-02]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2022-08-10]
CHR Extension: (ProductivityTab — Custom New Tab Dashboard) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccjgbbjckehppnpajnmplcccjcgbdep [2022-05-27]
CHR Extension: (YouTube Dark Theme) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgoeaddhagkbjnnigiblfebijeinfme [2022-04-10]
CHR Extension: (New Tab Redirect) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2021-03-20]
CHR Extension: (AutoPagerize) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2021-03-20]
CHR Extension: (Row Highlighter for Gmail™ and Inbox™) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfolchflbmnfopmpmodilcelmdakbfl [2021-03-20]
CHR Extension: (Call From Browser) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\impiikfnffjblkkefnplfonianmboaam [2021-03-20]
CHR Extension: (YouTube Comments Search and Analytics) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\inifheokcihloefgjkdnmfklgfkakkjn [2021-03-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2021-03-20]
CHR Extension: (Chrome extension source viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2022-05-06]
CHR Extension: (CrxMouse Chrome™ Gestures) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2022-08-04]
CHR Extension: (Cisco Webex Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2022-07-22]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2021-03-20]
CHR Extension: (History Blocker by Site) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\keamekimefemnbgegbfkdkmbomaahfai [2021-03-20]
CHR Extension: (Gmail reverse conversation) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgepjmmgamniaefbjlbacahkjjnjoaa [2021-10-14]
CHR Extension: (Zoom Scheduler) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2022-07-24]
CHR Extension: (ColumnCopy) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapbbfoohlcmlbdaakldmmallcbcbpjb [2021-03-20]
CHR Extension: (RemoveCookiesForSite) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmfdblomdpkcniknaenceeogpgepocmm [2021-03-20]
CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-03-20]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2022-08-10]
CHR Extension: (IMDB Ratings Viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmmjahiclndbfdkblfnopheledjibfl [2021-03-20]
CHR Extension: (LinkedIn Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajfmicibjppdgbjfkpdikfjcflabpk [2022-07-12]
CHR Extension: (Reload All Tabs) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2021-05-05]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-06-10]
CHR Extension: (Google Hangouts) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-14]
CHR Extension: (My IMDb) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngicopfkgbodejbbfalbmobdpjebhhmb [2021-07-04]
CHR Extension: (ShareX) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkoigbdolhchiicbonbihbphgamnaoc [2021-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-20]
CHR Extension: (AdFly Skipper) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2022-08-09]
CHR Extension: (Adblock for You) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogcaehilgakehloljjmajoempaflmdci [2022-07-20]
CHR Extension: (Expensify Web Receipts) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2021-03-20]
CHR Extension: (Google Quick Scroll) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2021-03-20]
CHR Extension: (SABconnect++) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod [2021-09-14]
CHR Extension: (Virtual Keyboard) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2021-03-20]
CHR Extension: (Personalized Web) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcnnpdmhobdfbponjpedobekiogmbco [2021-03-20]
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-08-10]
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-08-10]
CHR Notifications: Profile 1 -> hxxps://www.easeus.com
CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-01]
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2 [2022-08-12] <==== ATTENTION
CHR Notifications: Profile2 -> hxxps://crmplus.zoho.eu; hxxps://meet.google.com; hxxps://teams.microsoft.com
CHR Extension: (Adblock for Youtube™) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-07-14]
CHR Extension: (Typio Form Recovery) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2021-03-21]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2021-03-21]
CHR Extension: (HTTP Archive Viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\ebbdbdmhegaoooipfnjikefdpeoaidml [2021-03-21]
CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-05]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-22]
CHR Extension: (Selection Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2022-04-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-08-12]
CHR Extension: (Tabs to the Front) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2021-03-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2021-03-21]
CHR Extension: (CrxMouse Chrome™ Gestures) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2021-12-06]
CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-03-21]
CHR Extension: (LinkedIn Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\meajfmicibjppdgbjfkpdikfjcflabpk [2022-07-14]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-21]
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\System Profile [2022-08-10]
CHR HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-02] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46864 2022-08-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [326608 2022-05-14] (Binary Fortress Software Ltd -> Binary Fortress Software)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [44168 2022-04-29] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2022-03-24] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{283A3793-05D9-40BE-9F0B-926C470496B9} [21312 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [438240 2022-05-09] (EXPRSVPN LLC -> ExpressVPN)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncHelper.exe [3389856 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
R2 FreeAgentGoFlex Service; C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology, LLC -> Seagate Technology LLC)
S3 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [31544 2018-11-19] (Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist)
R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Marcs Updater; C:\Program Files\Marcs Updater\Marcs Updater.exe [1027160 2017-04-23] (Open Source Developer, Marc Hörsken -> Marc Hörsken)
R2 MSI_Central_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [150840 2021-06-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_Super_Charger_Service; C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe [39224 2021-04-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36152 2021-08-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [39760 2021-05-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.156.0724.0001\OneDriveUpdaterService.exe [3830176 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 SbieSvc; C:\Program Files\Sandboxie-Plus\SbieSvc.exe [332264 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R2 SBMServiceV2; C:\Program Files (x86)\2BrightSparks\SBMServiceV2\SBMService.exe [6943824 2022-02-03] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte Ltd)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-11-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-11-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-11-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [748664 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R3 VssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{BDE15B69-F161-43E2-BAAE-2C80AB5D7D0D} [21312 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [91048 2020-01-30] (X-Rite Incorporated -> X-Rite Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\Bob\AppData\Local\Temp\ALSysIO64.sys [47240 2022-08-14] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R3 AMDVBT2BDA; C:\WINDOWS\system32\drivers\AMDVBT2BDA.sys [262032 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
R3 AMDVBT2BDA; C:\Windows\SysWOW64\drivers\AMDVBT2BDA.sys [262032 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
R3 AMDVBT2USB; C:\WINDOWS\System32\Drivers\AMDVBT2USB.sys [49528 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
R3 AMDVBT2USB; C:\Windows\SysWOW64\Drivers\AMDVBT2USB.sys [49528 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
R2 AWEAlloc; C:\WINDOWS\system32\DRIVERS\awealloc.sys [21048 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [321784 2022-03-10] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R1 CTIIO; C:\WINDOWS\system32\drivers\CtiIo64.sys [29208 2022-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-11-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ecmntdrv; C:\WINDOWS\system32\ecmntdrv.sys [36280 2021-03-24] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [74296 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [54328 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [24152 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\System32\drivers\EUEDKEPM.sys [33712 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [555072 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [45640 2022-05-09] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2022-03-02] (Express VPN International Ltd. -> ExpressVPN)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [38544 2018-12-13] (Feature Integration Technology Inc -> FINTEK Corp.)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [48704 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
S3 inpoutx64; C:\WINDOWS\system32\drivers\inpoutx64.sys [15008 2021-08-16] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [29576 2021-11-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_CPU; C:\Program Files (x86)\MSI\MSI Center\Super Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 RTL2832UBDA; C:\WINDOWS\system32\drivers\AMDVBT2BDA.sys [262032 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\AMDVBT2BDA.sys [262032 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys [59512 2019-12-10] (Astrometa Co.,Ltd. -> Realtek)
R3 SbieDrv; C:\Program Files\Sandboxie-Plus\SbieDrv.sys [192504 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [92032 2018-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R2 SSGDIO; C:\WINDOWS\SysWOW64\DRIVERS\ssgdio64.sys [14608 2021-03-22] (ATI Technologies, Inc -> ATI Technologies Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-11-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43640 2021-11-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [61496 2022-03-02] (ExprsVPN LLC -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [242656 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [252560 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1081592 2022-07-19] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [175800 2022-03-22] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-08-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [452856 2022-08-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-08-12] (Microsoft Windows -> Microsoft Corporation)
R2 WinI2C-DDC; C:\WINDOWS\system32\drivers\DDCDrv.sys [20832 2020-02-26] (PC Micro Systems Inc. -> Nicomsoft Ltd.)
R3 WinRing0_1_2_2; C:\WINDOWS\system32\drivers\WinRing0_1_2_2.sys [31152 2022-08-14] (PAIPTAC Driver -> )
R3 xmosusbaudiost30C8; C:\WINDOWS\System32\drivers\xmosusbaudiost30C8.sys [275032 2017-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Thesycon Software Solutions GmbH & Co. KG)
R3 xmosusbaudiost30C8ks; C:\WINDOWS\System32\drivers\xmosusbaudiost30C8ks.sys [52824 2017-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Thesycon Software Solutions GmbH & Co. KG)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-14 11:04 - 2022-08-14 11:07 - 000000000 ____D C:\FRST
2022-08-14 11:02 - 2022-08-14 11:02 - 000000635 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegBackup.lnk
2022-08-14 10:59 - 2022-08-14 10:59 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-BOBS-RYZEN-Windows-10-Pro-(64-bit).dat
2022-08-14 10:59 - 2022-08-14 10:59 - 000000000 ____D C:\Users\Bob\Desktop\RegBackup
2022-08-14 10:26 - 2022-08-14 10:26 - 000000000 ___HD C:\Users\Bob\AppData\Roaming\Obsidium
2022-08-14 10:26 - 2022-08-14 10:26 - 000000000 ___HD C:\Users\Bob\.obs32
2022-08-14 10:25 - 2022-08-14 10:25 - 000001700 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TeraCopy.lnk
2022-08-14 10:25 - 2022-08-14 10:25 - 000000000 ____D C:\Program Files\TeraCopy
2022-08-14 10:06 - 2022-08-14 10:06 - 005348771 _____ C:\Users\Bob\Desktop\TeamSpybot-20220814-100655.cab
2022-08-14 09:34 - 2022-08-14 09:34 - 000001749 _____ C:\Users\Public\Desktop\Reset Browser Settings.lnk
2022-08-14 09:34 - 2022-08-14 09:34 - 000000875 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2022-08-14 09:34 - 2022-08-14 09:34 - 000000000 ____D C:\Program Files\Trojan Killer
2022-08-14 08:55 - 2022-08-14 08:55 - 005441916 _____ C:\Users\Bob\Desktop\TeamSpybot-20220814-085523.cab
2022-08-14 08:53 - 2022-08-14 09:50 - 000287020 _____ C:\WINDOWS\ntbtlog.txt
2022-08-14 08:50 - 2022-08-14 08:50 - 005496181 _____ C:\Users\Administrator\Desktop\TeamSpybot-20220814-085051.cab
2022-08-14 08:48 - 2022-08-14 08:48 - 000000000 ____D C:\Users\Administrator\Documents\ProcAlyzer Dumps
2022-08-14 01:41 - 2022-08-14 08:53 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-08-13 17:35 - 2022-08-13 17:35 - 000000000 ____D C:\Users\Bob\AppData\Local\Microsoft_Corporation
2022-08-13 17:27 - 2022-08-13 23:20 - 000000053 _____ C:\Users\Bob\nfsmount.ps1
2022-08-13 16:16 - 2022-08-13 16:16 - 000000000 ____D C:\Users\Bob\Documents\TeraCopy
2022-08-13 14:18 - 2022-08-14 10:05 - 000031152 _____ C:\WINDOWS\system32\Drivers\WinRing0_1_2_2.sys
2022-08-13 10:41 - 2022-08-13 10:41 - 000005772 _____ C:\Users\Bob\AppData\Local\recently-used.xbel
2022-08-13 09:57 - 2022-08-13 22:56 - 000003656 _____ C:\WINDOWS\system32\Tasks\CTR 2.1 RC5
2022-08-13 09:56 - 2022-08-13 09:56 - 000000000 ____D C:\Users\Bob\AppData\Local\A
2022-08-13 09:26 - 2022-08-13 09:26 - 1326241977 _____ C:\WINDOWS\MEMORY.DMP
2022-08-13 09:26 - 2022-08-13 09:26 - 001385404 _____ C:\WINDOWS\Minidump\081322-8390-01.dmp
2022-08-12 21:29 - 2022-08-12 21:38 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Emby-Theater
2022-08-12 21:29 - 2022-08-12 21:29 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Emby
2022-08-12 12:12 - 2022-08-12 12:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2022-08-12 12:01 - 2022-08-12 12:01 - 000001429 _____ C:\Users\Public\Desktop\Spybot Anti-Beacon.lnk
2022-08-12 12:01 - 2022-08-12 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2022-08-12 12:01 - 2022-08-12 12:01 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
2022-08-12 11:53 - 2022-08-12 11:53 - 000004164 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1660301580
2022-08-12 11:53 - 2022-08-12 11:53 - 000001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2022-08-12 11:53 - 2022-08-12 11:53 - 000001467 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2022-08-12 11:53 - 2022-08-12 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2022-08-12 10:28 - 2022-08-12 10:28 - 000003460 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2022-08-12 10:17 - 2022-08-12 10:31 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Wireshark
2022-08-12 10:16 - 2022-08-14 09:54 - 000000000 ____D C:\Program Files\Npcap
2022-08-11 22:34 - 2022-06-20 22:52 - 000455160 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20220811-223432.backup
2022-08-11 20:37 - 2022-08-11 20:37 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Kutools for Excel
2022-08-11 20:36 - 2022-08-11 20:36 - 000003628 _____ C:\WINDOWS\system32\Tasks\iesqno
2022-08-11 20:36 - 2022-08-11 20:36 - 000000000 __SHD C:\Users\Bob\iesqno
2022-08-11 20:35 - 2022-08-11 20:35 - 000001198 _____ C:\Users\Bob\Desktop\Kutools for Excel.lnk
2022-08-11 20:35 - 2022-08-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Kutools for Excel
2022-08-11 20:35 - 2022-08-11 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kutools for Excel
2022-08-11 20:35 - 2022-08-11 20:35 - 000000000 ____D C:\Program Files (x86)\Kutools for Excel
2022-08-11 20:35 - 2022-08-11 20:35 - 000000000 ____D C:\Program Files (x86)\Addin Technology Inc
2022-08-11 09:17 - 2022-08-11 09:17 - 000000000 ____D C:\Program Files (x86)\CTR 2.1 RC5
2022-08-10 23:08 - 2022-08-10 23:08 - 000000000 ____D C:\easeus_tb_cloud
2022-08-10 01:19 - 2022-08-10 15:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-08-10 01:15 - 2022-08-10 01:15 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 01:15 - 2022-08-10 01:15 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 01:15 - 2022-08-10 01:15 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 01:15 - 2022-08-10 01:15 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 01:15 - 2022-08-10 01:15 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 01:15 - 2022-08-10 01:15 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 01:15 - 2022-08-10 01:15 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 01:15 - 2022-08-10 01:15 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 01:10 - 2022-08-10 01:10 - 000000000 ___HD C:\$WinREAgent
2022-08-10 00:50 - 2022-08-14 10:04 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-09 23:53 - 2022-08-13 22:25 - 000004096 ___SH C:\{AABB0633-9B60-45F1-911E-E8F89E0702BE}.CBM
2022-08-09 23:09 - 2022-08-09 23:09 - 000001305 _____ C:\Users\Bob\Documents\TaskExport_SYSTEM.tbbak
2022-08-09 22:48 - 2022-08-09 22:48 - 000001149 _____ C:\Users\Public\Desktop\WinSCP.lnk
2022-08-09 22:32 - 2022-08-09 22:32 - 000000000 ____D C:\Users\Bob\AppData\Roaming\easeus
2022-08-09 22:32 - 2022-08-09 22:32 - 000000000 ____D C:\Users\Bob\AppData\Local\DupFilesUI
2022-08-09 15:54 - 2022-08-09 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-08-09 14:48 - 2022-08-09 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2022-08-09 14:48 - 2022-08-09 15:54 - 000000000 ____D C:\Program Files\Java
2022-08-09 14:48 - 2022-08-09 14:48 - 000070920 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2022-08-09 14:48 - 2022-08-09 14:48 - 000000000 ____D C:\Program Files\Common Files\Oracle
2022-08-08 20:33 - 2022-08-08 20:33 - 000000000 ____D C:\WINDOWS\Panther
2022-08-03 18:04 - 2022-08-03 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-08-03 15:47 - 2022-08-03 15:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Aquila Technology
2022-08-03 15:46 - 2022-08-03 15:46 - 000000000 ____D C:\Users\Bob\AppData\Local\Aquila_Technology
2022-08-03 15:46 - 2022-08-03 15:46 - 000000000 ____D C:\ProgramData\Aquila Technology
2022-08-03 15:05 - 2022-08-03 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2022-08-02 11:22 - 2022-08-14 10:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2022-08-02 11:22 - 2022-08-02 11:22 - 000000000 ____D C:\Program Files\PowerToys
2022-08-01 23:21 - 2022-08-01 23:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-08-01 23:21 - 2022-08-01 23:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-08-01 23:21 - 2022-08-01 23:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-08-01 23:21 - 2022-08-01 23:21 - 000046864 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-07-30 11:28 - 2022-08-14 10:05 - 000003416 _____ C:\WINDOWS\system32\Tasks\CleanGenius
2022-07-30 11:28 - 2022-07-30 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS CleanGenius
2022-07-30 11:28 - 2022-03-24 14:13 - 000173192 _____ C:\WINDOWS\system32\setupecmdrvx64.exe
2022-07-30 11:28 - 2021-03-24 13:04 - 000036280 _____ C:\WINDOWS\system32\ecmntdrv.sys
2022-07-30 11:28 - 2021-03-24 13:04 - 000000010 _____ C:\WINDOWS\system32\setupecmdrv.ini
2022-07-30 11:27 - 2022-07-30 11:28 - 000000000 ____D C:\Users\Bob\AppData\Local\unali-2682453
2022-07-30 09:58 - 2022-07-30 09:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\Seagate_Install_Launch
2022-07-30 09:58 - 2022-07-30 09:58 - 000002193 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2022-07-30 09:58 - 2022-07-30 09:58 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Seagate
2022-07-30 09:58 - 2022-07-30 09:58 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Nero
2022-07-30 09:58 - 2022-07-30 09:58 - 000000000 ____D C:\ProgramData\Nero
2022-07-30 09:58 - 2022-07-30 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2022-07-29 23:31 - 2022-07-29 23:31 - 000000000 ____D C:\Users\Bob\AppData\Roaming\NVIDIA
2022-07-29 23:29 - 2022-08-12 21:28 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Emby-InstallLogs
2022-07-28 11:40 - 2022-08-14 10:04 - 000000000 ____D C:\Users\Bob\AppData\Local\LogiBolt
2022-07-28 11:39 - 2022-07-28 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2022-07-28 11:38 - 2022-07-28 11:38 - 000000000 ____D C:\Program Files\Logitech
2022-07-27 00:13 - 2022-07-27 00:16 - 000000174 _____ C:\Users\Bob\Documents\Wake_Shield.bat
2022-07-26 21:49 - 2022-07-26 21:50 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2022-07-26 21:49 - 2022-07-26 21:49 - 000001803 _____ C:\Users\Bob\Desktop\CrystalDiskInfo.lnk
2022-07-25 11:39 - 2022-07-25 11:39 - 000000811 _____ C:\Users\Bob\Desktop\wakeunraid.bat
2022-07-24 22:53 - 2022-07-24 22:55 - 000000128 _____ C:\Users\Bob\AppData\Local\PUTTY.RND
2022-07-24 22:49 - 2022-08-14 10:06 - 000000128 _____ C:\Users\Bob\AppData\Roaming\winscp.rnd
2022-07-23 15:30 - 2022-07-23 15:30 - 000000546 _____ C:\Users\Bob\usb5.vmdk
2022-07-23 14:58 - 2022-07-23 14:58 - 000000546 _____ C:\Users\Bob\usb3.vmdk
2022-07-23 14:44 - 2022-07-23 15:07 - 000000637 _____ C:\usb2.vmdk
2022-07-23 09:53 - 2022-07-23 09:53 - 001620284 _____ C:\WINDOWS\Minidump\072322-9593-01.dmp
2022-07-19 15:50 - 2022-07-19 15:50 - 000252560 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2022-07-19 15:50 - 2022-07-19 15:50 - 000242656 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2022-07-17 18:29 - 2022-07-17 18:29 - 002629780 _____ C:\WINDOWS\Minidump\071722-8953-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-14 11:06 - 2022-05-30 15:34 - 000000000 ____D C:\ProgramData\SBMService
2022-08-14 11:06 - 2022-03-17 10:05 - 000000000 ____D C:\Users\Bob\AppData\Roaming\DropboxElectron
2022-08-14 11:06 - 2021-06-15 17:20 - 000000000 ____D C:\Users\Bob\AppData\Local\Dropbox
2022-08-14 11:02 - 2021-04-03 01:31 - 000000000 ____D C:\Users\Bob\AppData\Roaming\TeraCopy
2022-08-14 10:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-14 10:36 - 2021-03-20 14:21 - 000000000 ____D C:\Users\Bob\AppData\Roaming\XYplorer
2022-08-14 10:34 - 2021-03-20 13:16 - 000000000 ____D C:\Users\Bob\AppData\Local\OpenShell
2022-08-14 10:27 - 2021-03-20 21:53 - 000000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
2022-08-14 10:26 - 2022-01-22 21:59 - 000000000 ____D C:\Users\Bob
2022-08-14 10:19 - 2021-03-21 12:38 - 000000000 ____D C:\Users\Bob\AppData\LocalLow\Mozilla
2022-08-14 10:14 - 2021-03-20 13:08 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-14 10:12 - 2021-03-20 21:42 - 000000000 ____D C:\Program Files\Registry Workshop
2022-08-14 10:11 - 2022-01-22 22:08 - 000972494 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-14 10:11 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-14 10:10 - 2022-04-10 17:19 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-08-14 10:08 - 2021-03-20 21:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-08-14 10:05 - 2022-01-29 02:10 - 000000000 ___RD C:\Users\Bob\OneDrive - Gradient
2022-08-14 10:05 - 2022-01-24 13:17 - 000000000 ___RD C:\Users\Bob\Gradient
2022-08-14 10:05 - 2021-07-20 13:56 - 000000000 ___RD C:\Users\Bob\Numerical Algorithms Group Ltd
2022-08-14 10:05 - 2021-05-18 09:38 - 000000000 ___RD C:\Users\Bob\contegosafety.co.uk
2022-08-14 10:05 - 2021-03-20 13:24 - 000000000 ____D C:\ProgramData\TEMP
2022-08-14 10:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2022-08-14 10:04 - 2022-01-22 22:11 - 000003128 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2022-08-14 10:04 - 2022-01-22 22:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-14 10:04 - 2022-01-22 21:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-14 10:04 - 2021-04-16 14:44 - 000000000 ____D C:\ProgramData\NVIDIA
2022-08-14 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-14 10:03 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-08-14 10:02 - 2019-12-07 10:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2022-08-14 01:39 - 2021-03-20 23:40 - 000000475 _____ C:\WINDOWS\wininit.ini
2022-08-14 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-08-13 22:50 - 2021-03-20 14:35 - 000000000 ____D C:\Users\Bob\Documents\ShareX
2022-08-13 22:25 - 2022-01-23 05:46 - 000000000 ____D C:\WINDOWS\system32\msmq
2022-08-13 22:20 - 2022-01-24 00:29 - 000000000 ____D C:\WINDOWS\system32\config\regsave
2022-08-13 22:20 - 2021-03-22 14:47 - 000428032 ___SH C:\EUMONBMP.SYS
2022-08-13 22:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-13 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-13 22:16 - 2021-03-20 11:49 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-13 17:38 - 2021-03-20 20:35 - 000000000 ____D C:\Users\Bob\AppData\Local\DisplayFusion
2022-08-13 10:44 - 2021-08-20 17:40 - 000000000 ____D C:\Users\Bob\Desktop\Tools
2022-08-13 10:41 - 2021-11-06 20:35 - 000000000 ____D C:\Users\Bob\.dbus-keyrings
2022-08-13 10:38 - 2022-01-22 22:11 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B186346E-6F9F-4080-BE06-49E909C0A7AE}
2022-08-13 09:26 - 2022-07-14 20:47 - 000000000 ____D C:\WINDOWS\Minidump
2022-08-13 00:29 - 2021-03-20 21:38 - 000000000 ___RD C:\Users\Bob\Google Drive
2022-08-12 17:44 - 2021-03-21 16:47 - 000000000 ___HD C:\Users\Bob\.VirtualBox
2022-08-12 17:42 - 2021-03-21 16:47 - 000000000 ____D C:\ProgramData\VirtualBox
2022-08-12 16:20 - 2021-04-18 20:53 - 000000000 ____D C:\Users\Bob\AppData\Roaming\vlc
2022-08-12 14:48 - 2021-03-20 13:14 - 000000000 ____D C:\Users\Bob\AppData\Local\D3DSCache
2022-08-12 12:39 - 2021-03-20 13:39 - 000000000 ____D C:\Users\Bob\AppData\Local\PlaceholderTileLogoFolder
2022-08-12 12:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-08-12 11:59 - 2021-03-20 11:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-12 11:53 - 2021-03-20 21:57 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-08-12 11:38 - 2021-04-19 00:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2022-08-12 11:38 - 2021-04-19 00:22 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2022-08-12 11:36 - 2021-03-22 13:57 - 000002334 ____H C:\Users\Bob\Documents\Default.rdp
2022-08-12 11:01 - 2021-06-14 22:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-08-12 10:10 - 2022-01-22 22:11 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1004
2022-08-12 10:10 - 2022-01-22 22:11 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1001
2022-08-12 10:10 - 2022-01-22 22:11 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-500
2022-08-12 10:10 - 2022-01-22 22:11 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-08-12 10:10 - 2021-03-23 20:05 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-08-12 08:38 - 2021-06-15 17:20 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2022-08-12 08:38 - 2021-06-15 17:20 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2022-08-12 00:57 - 2021-03-22 20:12 - 000000000 ____D C:\Users\Bob\VirtualBox VMs
2022-08-11 23:55 - 2022-01-22 22:11 - 000003984 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2022-08-11 23:55 - 2022-01-22 22:11 - 000003752 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2022-08-11 22:29 - 2021-03-20 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2022-08-11 22:29 - 2021-03-20 14:35 - 000000000 ____D C:\Program Files\ShareX
2022-08-11 21:48 - 2021-03-20 11:52 - 000000000 ____D C:\Users\Bob\AppData\Local\Packages
2022-08-11 16:59 - 2021-03-20 12:59 - 000000000 ____D C:\Users\Bob\Desktop\!Gradient
2022-08-11 16:58 - 2021-08-20 17:29 - 000000000 ____D C:\Users\Bob\Desktop\Miscellaneous
2022-08-11 16:57 - 2021-06-17 12:19 - 000000000 ____D C:\Users\Bob\Desktop\!NAG
2022-08-11 16:57 - 2021-03-20 12:59 - 000000000 ____D C:\Users\Bob\Desktop\!Meyer
2022-08-11 16:55 - 2021-06-15 17:22 - 000000000 ___RD C:\Users\Bob\Dropbox
2022-08-11 15:46 - 2021-03-22 13:58 - 000000000 ____D C:\Users\Bob\Documents\Personal
2022-08-11 15:22 - 2021-03-21 17:40 - 000000000 ____D C:\Users\Bob\AppData\Roaming\WhatsApp
2022-08-11 13:02 - 2021-06-07 23:21 - 000000000 ____D C:\Users\Bob\AppData\Local\babl-0.1
2022-08-11 11:49 - 2021-06-07 23:28 - 000000000 ____D C:\Users\Bob\AppData\Local\gtk-2.0
2022-08-10 23:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-08-10 23:22 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 19:43 - 2021-03-20 14:21 - 000000000 ____D C:\Program Files (x86)\XYplorer
2022-08-10 15:46 - 2022-01-29 13:05 - 000000000 ___HD C:\.tmp.drivedownload
2022-08-10 15:20 - 2021-03-21 12:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-10 11:51 - 2022-04-11 14:44 - 000000000 ____D C:\Users\Bob\AppData\Local\WhatsApp
2022-08-10 10:10 - 2021-06-05 19:49 - 000000000 ____D C:\Users\Bob\AppData\Local\NVIDIA Corporation
2022-08-10 08:29 - 2022-04-10 17:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-08-10 08:29 - 2022-04-10 17:18 - 000000980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-08-10 01:23 - 2022-01-22 21:57 - 000572040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-10 01:22 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-08-10 01:22 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 01:15 - 2022-01-22 22:00 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-10 01:10 - 2021-03-20 22:06 - 000000000 ____D C:\Program Files\dotnet
2022-08-10 01:10 - 2021-03-20 13:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 01:10 - 2021-03-20 12:34 - 000000000 ____D C:\ProgramData\Package Cache
2022-08-10 01:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 01:05 - 2021-03-20 13:27 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-09 23:04 - 2021-03-23 15:31 - 000002406 ____H C:\WINDOWS\EPMBatch.ept
2022-08-09 23:03 - 2021-03-23 15:21 - 000000000 _____ C:\WINDOWS\BcdLog.txt
2022-08-09 22:48 - 2021-03-21 11:39 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2022-08-09 22:48 - 2021-03-21 11:39 - 000000000 ____D C:\Program Files (x86)\WinSCP
2022-08-09 22:32 - 2021-03-20 20:41 - 000000000 ____D C:\ProgramData\SystemAcCrux
2022-08-09 16:14 - 2022-02-14 18:50 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-09 15:32 - 2022-05-09 14:35 - 000000000 ____D C:\Users\Bob\GearWatchDesigner
2022-08-09 14:49 - 2022-05-09 14:33 - 000000000 ____D C:\ProgramData\Oracle
2022-08-09 14:14 - 2021-08-14 11:04 - 000002032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2022-08-08 20:21 - 2021-03-22 20:45 - 000000000 ____D C:\Users\Administrator\Documents\Windows_10_x64 2021-3-22 19-45
2022-08-07 16:13 - 2021-03-20 21:26 - 000001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncBackPro.lnk
2022-08-06 15:26 - 2022-03-26 19:18 - 000001197 _____ C:\Users\Bob\Desktop\Multi-Sub Optimizer.lnk
2022-08-06 15:19 - 2022-04-10 01:12 - 000000000 ____D C:\Users\Bob\REW
2022-08-06 14:57 - 2022-06-07 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REW
2022-08-06 14:57 - 2022-06-07 17:18 - 000000000 ____D C:\Program Files\REW
2022-08-05 09:48 - 2022-02-15 10:04 - 000002414 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-08-05 09:16 - 2022-02-12 15:44 - 000000000 ____D C:\Program Files (x86)\Stardock
2022-08-04 14:51 - 2019-12-07 10:10 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfscimprov.dll
2022-08-04 14:51 - 2019-12-07 10:10 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfscommgmt.dll
2022-08-04 14:51 - 2019-12-07 10:10 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsadmin.exe
2022-08-04 14:51 - 2019-12-07 10:10 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcinfo.exe
2022-08-04 14:51 - 2019-12-07 10:10 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsnp.dll
2022-08-04 14:51 - 2019-12-07 10:10 - 000093510 _____ C:\WINDOWS\system32\nfsmgmt.msc
2022-08-04 14:51 - 2019-12-07 10:10 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\showmount.exe
2022-08-04 14:51 - 2019-12-07 10:10 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfscprop.dll
2022-08-04 14:51 - 2019-12-07 10:10 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsrc.dll
2022-08-03 18:04 - 2021-03-21 02:13 - 000000000 ____D C:\Program Files (x86)\Dropbox
2022-08-01 17:47 - 2021-03-20 11:59 - 000000000 ____D C:\ProgramData\Packages
2022-07-30 11:33 - 2021-03-23 19:00 - 000000028 _____ C:\WINDOWS\OutLog.txt
2022-07-30 11:28 - 2021-03-20 20:41 - 000000000 ____D C:\Program Files (x86)\EaseUS
2022-07-30 09:58 - 2021-03-25 01:58 - 000000000 ____D C:\Program Files (x86)\Seagate
2022-07-28 11:39 - 2021-10-15 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-07-28 11:39 - 2021-10-15 22:38 - 000000000 ____D C:\Program Files\Logi
2022-07-27 09:33 - 2021-03-21 19:00 - 002754000 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-07-27 09:33 - 2021-03-21 19:00 - 000234960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-07-27 09:33 - 2021-03-21 19:00 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-07-27 09:32 - 2021-11-18 13:09 - 000144856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-07-27 09:32 - 2021-03-21 19:00 - 000402904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-07-27 09:32 - 2021-03-21 19:00 - 000198096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-07-27 09:32 - 2021-03-21 19:00 - 000067032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2022-07-27 09:10 - 2022-01-22 22:11 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-27 00:27 - 2021-03-20 22:05 - 000000000 ____D C:\ProgramData\chocolatey
2022-07-25 00:38 - 2021-08-20 17:40 - 000000000 ____D C:\Users\Bob\Desktop\NUC
2022-07-24 16:14 - 2021-03-27 13:15 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Sky Go
2022-07-23 12:14 - 2021-09-19 17:10 - 000001092 _____ C:\Users\Bob\Desktop\Sky Go.lnk
2022-07-23 12:14 - 2021-03-27 13:15 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
2022-07-20 20:02 - 2022-05-15 19:10 - 000000048 _____ C:\WINDOWS\SysWOW64\EUTB.TODK
2022-07-19 15:50 - 2022-07-09 10:55 - 001081592 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxSup.sys
2022-07-19 15:50 - 2021-03-21 16:47 - 000191184 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2022-07-19 10:22 - 2022-07-13 09:42 - 000000000 ____D C:\Users\Bob\Desktop\!Lynton
2022-07-16 17:49 - 2022-01-23 14:18 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1005
2022-07-16 01:36 - 2021-03-20 12:59 - 000000000 ____D C:\Users\Bob\Desktop\!Concentric
2022-07-15 13:48 - 2021-03-26 08:55 - 000000000 ____D C:\Users\Bob\AppData\Roaming\EurekaLog
2022-07-15 01:21 - 2022-01-23 05:47 - 000000000 ____D C:\WINDOWS\en-GB
2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents

==================== Files in the root of some directories ========

2022-08-11 20:36 - 2019-12-07 10:10 - 000045984 ___SH (Microsoft Corporation) C:\Users\Bob\apjwu.exe
2022-06-08 16:23 - 2022-06-08 16:23 - 000000032 _____ () C:\Users\Bob\AppData\Roaming\07_05_2014_XX
2018-01-26 16:20 - 2018-01-26 16:20 - 001752576 _____ (Microsoft Corporation) C:\Users\Bob\AppData\Roaming\Nvidia.exe
2021-03-23 14:19 - 2022-08-14 09:33 - 000010796 _____ () C:\Users\Bob\AppData\Roaming\Safer-Networking.log
2022-03-10 23:26 - 2022-03-10 23:26 - 000049600 _____ (Microsoft Corporation) C:\Users\Bob\AppData\Roaming\servicemaster.exe
2022-07-24 22:49 - 2022-08-14 10:06 - 000000128 _____ () C:\Users\Bob\AppData\Roaming\winscp.rnd
2022-07-24 22:53 - 2022-07-24 22:55 - 000000128 _____ () C:\Users\Bob\AppData\Local\PUTTY.RND
2022-08-13 10:41 - 2022-08-13 10:41 - 000005772 _____ () C:\Users\Bob\AppData\Local\recently-used.xbel
2021-03-23 14:50 - 2021-04-30 16:11 - 000007652 _____ () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2021-06-15 16:28 - 2021-06-15 16:28 - 000000000 _____ () C:\Users\Bob\AppData\Local\{B932F81B-4F88-47CC-BBF4-A4F56A2EB52A}
2021-06-15 16:26 - 2021-06-15 16:26 - 000000000 _____ () C:\Users\Bob\AppData\Local\{F46AC5EB-762E-4D0B-AF3F-B392544D1BAA}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
[/CODE]
aswMBR.txt
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2022-08-14 11:14:07
-----------------------------
11:14:07.895 OS Version: Windows x64 6.2.9200
11:14:07.903 Number of processors: 12 586 0x7100
11:14:07.911 ComputerName: BOBS-RYZEN UserName: Bob
11:14:07.925 Initialze error 1
11:15:17.289 AVAST engine defs: 17030301
11:15:39.583 The log file has been saved successfully to "D:\aswMBR\aswMBR.txt"




Any help would be greatly appreciated to remove this nasty blighter!
Thanks
PS I am a 'Home' licensee!
Bob

MrIncredible
2022-08-14, 15:37
After further investigation I think I found the culprit.

APJWU.EXE

There was a hidden and 'system' folder in my userprofile directory in which this was sat with a couple of other files. But looking at the Task Manager I'd say that this loaded first, then spawned another version of itself in my userprofile directory and then ran from that. A few minutes later the former burst into life and the latter disappeared. Even then the Task Manager was showing this file 'running' but there was no file on the HDD. The hidden folder ('iesqno') seemed to initiate the issue.


So I quickly ended both tasks and shredded the 'iesqno' folder.
Fingers crossed
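
The pattern described in this post (an executable sitting directly in the user profile, hidden and system, carrying a Microsoft company string) can be picked out of the FRST file listing mechanically. The following is an added example, not part of the original post and not FRST's own logic; the function names, the heuristics and the reading of the two timestamps as creation then modification are assumptions of this example.

```python
import re
from datetime import datetime
from ntpath import splitext  # Windows path semantics on any host OS

# Lines copied from the "Files in the root of some directories" section of the
# FRST log posted in this thread.
SAMPLE_LOG = r"""
2022-08-11 20:36 - 2019-12-07 10:10 - 000045984 ___SH (Microsoft Corporation) C:\Users\Bob\apjwu.exe
2022-06-08 16:23 - 2022-06-08 16:23 - 000000032 _____ () C:\Users\Bob\AppData\Roaming\07_05_2014_XX
2018-01-26 16:20 - 2018-01-26 16:20 - 001752576 _____ (Microsoft Corporation) C:\Users\Bob\AppData\Roaming\Nvidia.exe
2021-03-23 14:19 - 2022-08-14 09:33 - 000010796 _____ () C:\Users\Bob\AppData\Roaming\Safer-Networking.log
2022-03-10 23:26 - 2022-03-10 23:26 - 000049600 _____ (Microsoft Corporation) C:\Users\Bob\AppData\Roaming\servicemaster.exe
2022-07-24 22:49 - 2022-08-14 10:06 - 000000128 _____ () C:\Users\Bob\AppData\Roaming\winscp.rnd
"""

# timestamp - timestamp - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<second>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"
EXEC_EXT = {".exe", ".scr", ".dll", ".sys", ".com"}
PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\")
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_line(line):
    """Return a dict for one FRST file-listing line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["company"] = entry["company"] or ""
    entry["size"] = int(entry["size"])
    # Assumption: first timestamp is creation, second is modification.
    entry["created"] = datetime.strptime(entry.pop("first"), TS_FMT)
    entry["modified"] = datetime.strptime(entry.pop("second"), TS_FMT)
    return entry


def assess(entry):
    """Return the list of triage reasons that apply to a parsed entry."""
    path = entry["path"].lower()
    is_exec = splitext(path)[1] in EXEC_EXT
    if not is_exec:
        return []
    reasons = []
    if PROFILE_RE.match(path):
        reasons.append("executable in a user-writable profile path")
    # The company string is unverified metadata, so a Microsoft claim on a
    # binary outside the OS and Program Files trees deserves a closer look.
    if entry["company"].lower().startswith("microsoft") and not path.startswith(TRUSTED_PREFIXES):
        reasons.append("claims Microsoft but lives outside Windows/Program Files")
    if "S" in entry["attrs"] and "H" in entry["attrs"]:
        reasons.append("hidden + system attributes on an executable")
    if entry["modified"] < entry["created"]:
        reasons.append("modified before created (copied or dropped with an old timestamp)")
    return reasons


def triage(log_text):
    """Return [(path, reasons)] for flagged entries, most reasons first."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry["path"], reasons))
    flagged.sort(key=lambda item: len(item[1]), reverse=True)
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{len(reasons)}  {path}")
        for reason in reasons:
            print(f"     - {reason}")
```

On these lines it ranks `apjwu.exe` first with all four reasons and lists `Nvidia.exe` and `servicemaster.exe` with two each; a flagged entry is a candidate for closer inspection (signature check, hash lookup), not a verdict.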

Juliet
2022-08-14, 20:39
Those were long logs to research, and we can do some tidy up.


'Interweb Managed Antivirus Endpoint Master Service' (ManagedAntivirus) <== did you download this?
Spybot - Search & Destroy finds this and Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Category: Potentially Unwanted Software
Path: file:_C:\Users\Bob\AppData\Local\01kith2k.lhh\MasterService.exe;
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3aWin32%2fCreprote&threatid=224324&enterprise=0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator, just open it and let it wait)

Highlight the text below and select Copy,
beginning with Start:: and finishing with End::



Start::
CloseProcesses:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{FD848478-65F5-4F01-ACD9-69195EC3631F}\localserver32 -> "C:\Program Files\cFosSpeed\cfosspeed.exe" -ToastActivated => No File
AlternateDataStreams: C:\ProgramData\TEMP:B0D4D817 [213]
AlternateDataStreams: C:\Users\Public\DRM:[48] احتضان
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: => (Allow) C:2\forzahorizon5.exe => No File
FirewallRules: [TCP Query User{E7237AAF-2B3E-4F21-8954-6A45FA32BEE0}C:2\forzahorizon5.exe] => (Allow) C:2\forzahorizon5.exe => No File
FirewallRules: [{4285BF2B-814C-408A-9025-238082B986A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{D20AB119-6373-42B6-B7D0-CB0FCAB12031}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{9CA2861E-0E4D-44F9-AB3C-3D17F05B5848}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5032.exe => No File
FirewallRules: [{04F9D5C7-57E4-4B19-9522-9A93BAA6A578}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5032.exe => No File
FirewallRules: [{7FA052FE-C5A5-4B88-9A49-EA3FD0D5A5A4}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5064.exe => No File
FirewallRules: [{78AAA5FA-E70D-4E0D-9933-1FAAD72E0B70}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5064.exe => No File
FirewallRules: [{ADD92530-E5CB-4D6C-B8BE-3FEA14DEBE14}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe => No File
FirewallRules: [{DDE6CE52-9F30-4CE2-A6B7-275BA49D29D2}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe => No File
FirewallRules: [{A078ECAE-0237-46C5-8E09-0216E44B6E3C}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe => No File
FirewallRules: [{D11DDA8C-291D-4456-83FB-537BDE67D0AF}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe => No File
FirewallRules: [{8F354961-D964-41E9-A47F-A21858D14DBB}] => (Block) C:\Program Files (x86)\DisplayFusion\unins000.exe => No File
FirewallRules: [{FB1298C0-8189-4D6D-9503-58A7BAC457C1}] => (Block) C:\Program Files (x86)\DisplayFusion\unins000.exe => No File
FirewallRules: [TCP Query User{5B29A39D-F18C-4AD5-A039-5F071753EB91}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{E98D3FF4-3001-4417-8429-42701FD27CBD}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{5B84AB25-DE16-4FD6-B5D6-436A345C5099}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{F47F4BBA-597B-4087-B846-320DD9953790}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => No File
FirewallRules: [TCP Query User{2BF313DD-626F-480F-9361-0205BE3ABCA3}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{79911674-88D9-4C33-BD44-CC7A96F1A0A1}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => No File
FirewallRules: [TCP Query User{65171673-A781-4301-933B-05D55A523348}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{125BF98B-0375-4900-8356-410265F2FA58}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => No File
FirewallRules: [TCP Query User{62CFBA62-6DF7-4F15-8BDD-06DED3BFC74F}C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe => No File
FirewallRules: [UDP Query User{95BACF11-F3D8-4FA1-8479-5D82C9EBE517}C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe => No File
FirewallRules: [{400AC16F-F4ED-4F43-8CCE-0104D390A749}] => (Allow) C:\Users\Bob\AppData\Local\Programs\Opera\89.0.4447.91\opera.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [GoogleDriveFS] => "C:\Program Files\Google\Drive File Stream\54.0.3.0\GoogleDriveFS.exe" --startup_mode (No File)
HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [Fences] => "c:\program files (x86)\stardock\fences\Fences.exe" /startup (No File)
HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe --startup_mode (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {6A1E6600-AA29-4F0A-BE22-29F1A484771E} - System32\Tasks\Disable_Wake => "C:\Users\Bob\Google Drive\Disable_Wake.cmd" (No File)
Task: {6C496493-7417-4A79-B1C2-7AFE38FE5237} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat (No File)
Task: {765690B6-F6FE-4E2F-82ED-E6B19F99A452} - System32\Tasks\Opera scheduled Autoupdate 1660301580 => C:\Users\Bob\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {A2971177-B9E6-42F5-9F34-8A44775EB5BF} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_Monitor (No File)
Task: {A5F3D623-6A86-47A1-B637-E126039361C3} - System32\Tasks\EVGAPrecisionX => C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe (No File)
Task: {AECCF170-95CE-4BC6-9759-3AB67E2635DF} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_DisplayID (No File)
Task: {F984F90B-3740-4420-8F4B-E3AB53B60E45} - System32\Tasks\Enable Wake => "C:\Users\Bob\Google Drive\Enable_Wake.cmd" (No File)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2022-08-14] <==== ATTENTION (Points to *.cfg file)
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2 [2022-08-12] <==== ATTENTION
R3 ALSysIO; C:\Users\Bob\AppData\Local\Temp\ALSysIO64.sys [47240 2022-08-14] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
U4 npcap_wifi; no ImagePath
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes AdwCleaner

-------------------

Please download AdwCleaner (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your Desktop
Close all open programs and browsers
Right click on the icon and select Run as administrator
Click Scan now
Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
When completed click View Scan Log File
Copy and paste the contents in your reply
Click Skip Basic Repair if it appears then close the program

===================================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
click the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post these 3 logs when finished.

Juliet
2022-08-23, 15:30
Glad we could help, this topic is closed.