Results 1 to 4 of 4

Thread: Win32.Fynlosk reported - cannot fix

  1. #1
    Junior Member
    Join Date
    Sep 2017
    Posts
    3

    Default Win32.Fynlosk reported - cannot fix

    Hi,

    My PC has become erratic and slow to open programs so I ran a scan.
    Spybot scan reports Win32.Fynlosk is found
    SDScan_fzKkdVV2cT.png

    The 'dclogs' folder appears to get files written to it containing my key strokes (file extension .dc)! Geez. Although I select 'Fix Selected' which deletes the folder and files, it will re-appear at different times. I have run a Rootkit analysis/Deep Scan was done on everything and it also found this in the registry which
    'Moving into quarantine HKEY_USERS\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\DC3_FEXEC'

    For now I have changed the permissions on the dclogs folder so that no further files can be created, but that may not help me at all in the short term.

    As per instructions, log files attached
    Additional.txt
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
    Ran by Bob (14-08-2022 11:08:30)
    Running from D:\FRST64
    Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) (2022-01-22 21:11:16)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-1182144281-2128924332-3640585907-500 - Administrator - Enabled) => C:\Users\Administrator
    Bob (S-1-5-21-1182144281-2128924332-3640585907-1001 - Administrator - Enabled) => C:\Users\Bob
    DefaultAccount (S-1-5-21-1182144281-2128924332-3640585907-503 - Limited - Disabled)
    Guest (S-1-5-21-1182144281-2128924332-3640585907-501 - Limited - Enabled)
    malic (S-1-5-21-1182144281-2128924332-3640585907-1008 - Limited - Enabled)
    Mr_Inc (S-1-5-21-1182144281-2128924332-3640585907-1004 - Administrator - Disabled) => C:\Users\Mr_Inc
    WDAGUtilityAccount (S-1-5-21-1182144281-2128924332-3640585907-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7+ Taskbar Tweaker v5.13 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\7 Taskbar Tweaker) (Version: 5.13 - Ramen Software)
    7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
    AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.)
    AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
    AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.83 - Advanced Micro Devices, Inc.) Hidden
    AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden
    AMD Ryzen Master (HKLM\...\{02247819-03CD-414E-AC8D-FD518BFBA445}) (Version: 2.6.2.1818 - Advanced Micro Devices, Inc.) Hidden
    AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.6.2.1818 - Advanced Micro Devices, Inc.)
    AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.7.0.1851 - Advanced Micro Devices, Inc.)
    AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
    AMD_Chipset_Drivers (HKLM-x32\...\{cf77cf6b-71ff-4a71-802d-43adb9b271b7}) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.) Hidden
    Astrometa DVB-T2 (HKLM-x32\...\{D580E2AB-064A-48E1-95B0-1199E5DEEFE7}) (Version: 1.00 - Astrometa)
    AutoHotkey 1.1.33.10 (HKLM\...\AutoHotkey) (Version: 1.1.33.10 - Lexikos)
    Automatic Mouse and Keyboard 6.1.7.4 (HKLM-x32\...\{BFD646B6-E892-4B00-B6E2-71545D92BAEA}_is1) (Version: - Robot-Soft.com, Inc.)
    BatchRename Pro (HKLM-x32\...\BatchRename Pro) (Version: - )
    BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.7.200.2001 - BlueStack Systems, Inc.)
    BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.280.0.1022 - BlueStack Systems, Inc.)
    BlueStacks X (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\BlueStacks X) (Version: 0.14.1.13 - BlueStack Systems, Inc.)
    BT Cloud for Windows (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\BTCloud) (Version: 21.4.10 - BT)
    ClipMate 7 (HKLM-x32\...\{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1) (Version: 7 - Thornsoft Development, Inc.)
    Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
    Corel Graphics - Windows Shell Extension (HKLM\...\_{4C191A96-E2E6-4902-85F7-D57BD13FDEA1}) (Version: 22.1.0.514 - Corel Corporation)
    Corel Graphics - Windows Shell Extension (HKLM\...\{4C191A96-E2E6-4902-85F7-D57BD13FDEA1}) (Version: 22.1.514 - Corel Corporation) Hidden
    Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{E640FF5E-9022-414D-B665-79C146EDCAA3}) (Version: 22.1.514 - Corel Corporation) Hidden
    Corel Update Manager (HKLM\...\{F30F96B6-EADE-44FF-B202-C8697BC088F8}) (Version: 2.14.626 - Corel corporation) Hidden
    CorelDRAW Technical Suite 2020 - IPM (x64) (HKLM\...\{52D2611E-17E2-4AC2-9BB6-0255F453664E}) (Version: 22.2 - Corel Corporation) Hidden
    CorelDRAW Technical Suite 2020 - IPM Content (x64) (HKLM\...\{D17AA252-0EDB-4842-9D00-A9A39008450B}) (Version: 22.1 - Corel Corporation) Hidden
    CorelDRAW Technical Suite 2020 - IPM Lattice (x64) (HKLM\...\{AD51F620-6B6C-4A5B-9D54-9B62C26C16DB}) (Version: 22.1 - Corel Corporation) Hidden
    CorelDRAW Technical Suite 2020 - Writing Tools (x64) (HKLM\...\{60AB95FB-5BF2-405C-A459-616EEC216A90}) (Version: 22.2 - Corel Corporation) Hidden
    CorelDRAW Technical Suite 2020 (64-Bit) (HKLM\...\_{D92038D5-781B-4FD6-AE4F-D365ECE818BC}) (Version: 22.2.0.532 - Corel Corporation)
    CPUID CPU-Z 2.00 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.00 - CPUID, Inc.)
    CrystalDiskInfo 8.17.4 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.4 - Crystal Dew World)
    CrystalDiskMark 8.0.1 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.1 - Crystal Dew World)
    dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 17.3 - Illustrate)
    Discord (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Discord) (Version: 0.0.311 - Discord Inc.)
    DisplayFusion 10.0 (Beta 16) (64-bit) (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.9.99.116 - Binary Fortress Software)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 154.4.5363 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.639.1 - Dropbox, Inc.) Hidden
    EaseUS CleanGenius 2.4.1 (HKLM-x32\...\EaseUS CleanGenius_is1) (Version: - EaseUS)
    EaseUS Partition Master (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    EaseUS Partition Master Suite 16.6 (HKLM-x32\...\EaseUS Partition Master Suite_is1) (Version: - EaseUS)
    EaseUS Todo Backup 14.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 14.0 - EaseUS)
    EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
    EasyUEFI version 3.8 (HKLM\...\EasyUEFI_is1) (Version: 3.8 - Hasleo Software.)
    Emby Theater (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Emby Theater) (Version: 3.0 - Emby Team)
    ENE_DRAM_GSKILL_SE (HKLM\...\{5A6AC577-F8F8-4B6A-B684-13FD7E306CA2}) (Version: 1.0.1.0 - Ene Tech.) Hidden
    ENE_DRAM_GSKILL_SE (HKLM-x32\...\{bf49eb2f-f2fb-4631-a95a-1f0cadd21eac}) (Version: 1.0.1.0 - Ene Tech.) Hidden
    ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.3.31 - Ene Tech.) Hidden
    ENE_DRAM_RGB_AIO (HKLM-x32\...\{cb8809b0-c2ad-40f3-80c7-8ebf6c6f8f63}) (Version: 1.0.3.31 - Ene Tech.) Hidden
    ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.7 - ENE TECHNOLOGY INC.) Hidden
    ENE_EHD_M2_HAL (HKLM-x32\...\{aeca6fd4-1d77-499a-b01c-d4521a6b7bff}) (Version: 1.0.9.7 - ENE TECHNOLOGY INC.) Hidden
    ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
    ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
    ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden
    ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden
    Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2.1 - )
    ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8775D7835}) (Version: 10.25.0.4 - ExpressVPN) Hidden
    ExpressVPN (HKLM-x32\...\{eafa6d06-61ee-4d6d-9946-df5550de95b9}) (Version: 10.25.0.4 - ExpressVPN)
    FreeDNS Update 1.8.4 (HKLM-x32\...\FreeDNS Update) (Version: 1.8.4 - TechKnow Professional Services)
    Galaxy Watch Studio 2.0.1 (HKLM\...\Gear Watch Designer) (Version: 2.0.1 - Samsung Electronics)
    Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
    Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
    GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.81 - Google LLC)
    Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 62.0.1.0 - Google LLC)
    GoTo Opener (HKLM-x32\...\{E60C4953-B75D-4551-9C31-9E4932B4FAA1}) (Version: 1.0.551 - LogMeIn, Inc.)
    GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
    GrabIt 1.7.5 Beta 3 (build 1022) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
    HHD Software Free Hex Editor Neo 6.54 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.54.02.6790 - HHD Software, Ltd.)
    HWiNFO64 Version 7.06 (HKLM\...\HWiNFO64_is1) (Version: 7.06 - Martin Malik - REALiX)
    i1Studio1.5.0 (HKLM-x32\...\i1Studio_is1) (Version: 1.5.0 - X-Rite)
    IconViewer (HKLM\...\{C6F34AE0-0576-11d4-82FE-4491FCC00000}) (Version: 3.2.147 - Bot Productions)
    ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20210125 - )
    Inkscape (HKLM-x32\...\Inkscape) (Version: 1.1.1- - Inkscape)
    ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
    Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
    Java(TM) SE Development Kit 18.0.2 (64-bit) (HKLM\...\{EA16FB93-3AC2-538A-A3AD-03372A6682EA}) (Version: 18.0.2.0 - Oracle Corporation)
    Kutools for Excel 16.50 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 16.50 - Addin Technology Inc.)
    Kutools for Excel 16.50 (HKLM-x32\...\Kutools for Excel 16.50) (Version: 16.50 - Addin Technology Inc)
    LAV Filters 0.76.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.76.1 - Hendrik Leppkes)
    LED Sync (HKLM-x32\...\{417D2425-8783-46D4-97DF-EEF7CD17D656}) (Version: 1.1.1 - EVGA)
    Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.3.5 - Hermann Schinagl)
    Logi Bolt (HKLM\...\LogiBolt) (Version: 1.2.6024.0 - Logi)
    Logitech Options (HKLM\...\LogiOptions) (Version: 9.70.68 - Logitech)
    Marcs Updater (HKLM\...\{B7D5E900-AF40-11DD-AD8B-0800200C9A66}_is1) (Version: 1.5.3.305 - Marc Hörsken)
    Microsoft .NET Core Host - 3.1.28 (x64) (HKLM\...\{26ECE92F-518E-40AF-9108-7B7B444A46DE}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
    Microsoft .NET Core Host FX Resolver - 3.1.28 (x64) (HKLM\...\{CDEA72F4-1367-4E0A-AC5F-0EBAF7C6825A}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
    Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM\...\{3691148D-EF42-4812-8956-AE11FC413B8D}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
    Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
    Microsoft .NET Host - 6.0.8 (x64) (HKLM\...\{6950FA03-8B88-4675-B685-FB21CA1762CC}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
    Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
    Microsoft .NET Host FX Resolver - 6.0.8 (x64) (HKLM\...\{3C3CA326-3F1D-43B7-B0AD-CBC06B2DED5A}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
    Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
    Microsoft .NET Runtime - 6.0.8 (x64) (HKLM\...\{7CEA3ABF-FE24-42AF-ADE6-B4A3EE346743}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15427.20194 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.54 - Microsoft Corporation)
    Microsoft GameInput (HKLM-x32\...\{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation)
    Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.156.0724.0001 - Microsoft Corporation)
    Microsoft Teams (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Teams) (Version: 1.5.00.21463 - Microsoft Corporation)
    Microsoft Teams (HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
    Microsoft Visio - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.15427.20194 - Microsoft Corporation)
    Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{90120064-0070-0000-0000-4000000FF1CE}) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
    Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{90F60409-7000-11D3-8CFE-0150048383C9}) (Version: 7.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
    Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913 (HKLM-x32\...\{572DCD10-CF2E-43D1-8151-8BD9AC9086D0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913 (HKLM-x32\...\{6236EBBD-F50F-40B3-B819-8DB0C608308C}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
    Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support (HKLM\...\{9D6CE289-E12C-38BB-9999-E2377EC118B7}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
    Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support (HKLM-x32\...\{7C931D41-F302-3494-868C-320A4F4DD9F9}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
    Microsoft Windows Desktop Runtime - 3.1.28 (x64) (HKLM\...\{258184C9-1C62-47DB-9CA2-7BB24E9145C0}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
    Microsoft Windows Desktop Runtime - 3.1.28 (x64) (HKLM-x32\...\{263b65f5-7e4d-4df3-b94b-a8e8983179cf}) (Version: 3.1.28.31513 - Microsoft Corporation)
    Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
    Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
    Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM\...\{EB3983F9-3D60-456D-A11A-C1366C79AD3E}) (Version: 48.35.45540 - Microsoft Corporation) Hidden
    Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM-x32\...\{ca35acb3-b442-44fb-924c-4448120bf689}) (Version: 6.0.8.31518 - Microsoft Corporation)
    Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 103.0.2 (x64 en-GB)) (Version: 103.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0 - Mozilla)
    Mozilla Thunderbird 78.8.1 (x64 en-US) (HKLM\...\Mozilla Thunderbird 78.8.1 (x64 en-US)) (Version: 78.8.1 - Mozilla)
    Mp3tag v2.45a (HKLM-x32\...\Mp3tag) (Version: v2.45a - Florian Heidenreich)
    MSI Afterburner 4.6.4 (HKLM-x32\...\Afterburner) (Version: 4.6.4 - MSI Co., LTD)
    MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2021.1224.01 - MSI)
    MSI Kombustor 4.1.12.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
    Multi-Sub Optimizer 1.1.9.1 (HKLM-x32\...\Multi-Sub Optimizer) (Version: 1.1.9.1 - Bass-O-Matic)
    NoDrives Manager 1.2.0 (HKLM-x32\...\NoDrives Manager) (Version: 1.2.0 - Hagon)
    NVIDIA FrameView SDK 1.2.7704.31296923 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7704.31296923 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
    NVIDIA Graphics Driver 516.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.59 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
    NZBGet (HKLM-x32\...\NZBGet) (Version: - nzbget.net)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden
    OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
    Open-Shell (HKLM\...\{F4B6EE58-F183-4B0D-930B-4480673C0F5B}) (Version: 4.4.160 - The Open-Shell Team)
    Oracle VM VirtualBox 6.1.36 (HKLM\...\{8B78A2AB-34B5-4546-8CCF-B78C916BBD98}) (Version: 6.1.36 - Oracle Corporation)
    Peace (HKLM\...\Peace) (Version: 1.6.2.6 - P.E. Verbeek)
    PerformanceTest v10 (HKLM\...\PerformanceTest 10_is1) (Version: 10.1.1000.0 - Passmark Software)
    PowerToys (Preview) (HKLM\...\{9910B55C-10DC-4349-930D-306BA07C760B}) (Version: 0.61.0 - Microsoft Corporation) Hidden
    PowerToys (Preview) x64 (HKLM-x32\...\{b6903a05-8ad0-4e66-8afe-32f167e55270}) (Version: 0.61.0 - Microsoft Corporation)
    Pulse-Eight USB-CEC Adapter driver (HKLM-x32\...\Pulse-Eight USB-CEC Adapter driver) (Version: - Pulse-Eight Limited)
    Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation)
    QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
    Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9257.1 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.051.0811.2021 - Realtek)
    REW 5.20.9 (HKLM\...\4549-9647-2313-4375) (Version: 5.20.9 - John Mulcahy)
    RivaTuner Statistics Server 7.3.3 (HKLM-x32\...\RTSS) (Version: 7.3.3 - Unwinder)
    Rubberduck (Current User) 2.5.2.5906 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\{DF0E0E6F-2CED-482E-831C-7E9721EB66AA}_is1) (Version: 2.5.2.5906 - Rubberduck)
    SABnzbd 3.5.1 (HKLM-x32\...\SABnzbd) (Version: 3.5.1 - The SABnzbd Team)
    Samsung DeX (HKLM-x32\...\{2EB6072C-55E0-4AA0-A851-A34A5D64F6C9}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.) Hidden
    Samsung DeX (HKLM-x32\...\{3d6025db-b129-4813-84ac-91328af71882}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.)
    Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.50.0 - Samsung Electronics Co., Ltd.)
    Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
    Sandboxie-Plus v0.7.2 (HKLM\...\Sandboxie-Plus_is1) (Version: 0.7.2 - hxxp://xanasoft.com/)
    SBMConsoleV2 (HKLM-x32\...\SBMConsoleV2_is1) (Version: - 2BrightSparks)
    SBMServiceV2 (HKLM-x32\...\SBMServiceV2_is1) (Version: - 2BrightSparks)
    Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.9.2.0 - Seagate)
    Seagate Drive Settings Installer (HKLM-x32\...\{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC) Hidden
    Seagate Drive Settings Installer (HKLM-x32\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)
    SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
    ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 14.1.0 - ShareX Team)
    Sky Go 22.7.1.0 (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\com.bskyb.skygoplayer_is1) (Version: 22.7.1.0 - Sky)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
    Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.8 - Safer-Networking Ltd.)
    Startup Delayer v3.0 (build 366) (HKLM-x32\...\Startup Delayer) (Version: 3.0 (build 366) - r2 Studios)
    SyncBackPro x64 (HKLM-x32\...\SyncBackPro64_is1_is1) (Version: 10.2.39.0 - 2BrightSparks)
    TeraCopy version 3.2 (HKLM\...\TeraCopy_is1) (Version: 3.2 - Code Sector)
    TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.2.0 - Helios)
    TIDAL (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\TIDAL) (Version: 2.30.0 - TIDAL Music AS)
    TVR 4.8.2 (HKLM-x32\...\DTV_1.0) (Version: 4.8.2 - Astrometa)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
    Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
    Wake-On-LAN Sender 2.0.12 (HKLM-x32\...\Wake-On-LAN Sender_is1) (Version: 2.0.12 - Alexander Yarovy)
    WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
    WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
    WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
    WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WhatsApp (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\WhatsApp) (Version: 2.2228.14 - WhatsApp)
    Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 1.33.0.0 - Winaero)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WinSCP 5.21.2 (HKLM-x32\...\winscp3_is1) (Version: 5.21.2 - Martin Prikryl)
    X-Rite Device Services Manager (HKLM\...\{9E7734B1-71D2-4C78-9C55-0A8E0EEDB3A5}) (Version: 3.1.110.130 - X-Rite)
    XYplorer 23.00 (HKLM-x32\...\XYplorer) (Version: 23.00 - Donald Lessau, Cologne Code Company)
    Zoom (HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

    Packages:
    =========
    Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08 [2022-08-05] (AMZN Mobile LLC.) [Startup Task]
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2331.2.0_x64__kgqvnymyfvs32 [2022-08-08] (king.com)
    Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.4.6.0_neutral__yxz26nhyzhsrt [2022-08-08] (Microsoft Corp.)
    Date Picker for Excel -> C:\Program Files\WindowsApps\UniformSoftwareLimited.DatePickerforExcel_6.14.111.0_x64__nm35t2p0dgqtm [2022-07-22] (Uniform Software Limited)
    Desktop Live Wallpapers -> C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktopWallpapers_1.2.17.0_neutral__agy8jafheqhng [2022-07-07] (Ambient Software) [Startup Task]
    Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.34.1.0_x64__6rarf9sa4v8jt [2022-07-29] (Disney)
    Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.1.5965.0_x64__rz1tebttyb220 [2022-07-30] (Dolby Laboratories)
    DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.121.0_x64__kzh8wxbdkxb8p [2022-04-10] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-04-10] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-04-10] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-29] (Microsoft Studios) [MS Ad]
    Mouse Gestures -> C:\Program Files\WindowsApps\Microsoft.MouseGestures_0.6.17136.0_neutral__8wekyb3d8bbwe [2022-04-10] (Microsoft Corporation)
    MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_1.0.50.0_x64__kzh8wxbdkxb8p [2022-07-07] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
    MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_1.0.42.0_x64__kzh8wxbdkxb8p [2022-04-10] (MICRO-STAR INTERNATIONAL CO., LTD)
    Nebo -> C:\Program Files\WindowsApps\VisionObjects.MyScriptNebo_3.4.12933.0_x64__1rjv6qr7skr92 [2022-07-07] (MyScript)
    NFO Viewer -> C:\Program Files\WindowsApps\5480BrunoGiordano.NFOViewer_1.0.1.1_neutral__xzarbek87fvdr [2022-04-10] (Bruno Giordano)
    NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-07-10] (NVIDIA Corp.)
    OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2022-07-07] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-02-12] (Microsoft Corporation)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.30.258.0_x64__dt26b99r8h8gj [2022-04-10] (Realtek Semiconductor Corp)
    Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2022-04-10] (Samsung Electronics Co. Ltd.)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
    WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2228.14.0_x64__cv1g1gvanyjgm [2022-08-10] (WhatsApp Inc.)
    Windows App Runtime DDLM 3.469.1654.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x6_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)
    Windows App Runtime DDLM 3.469.1654.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x8_3.469.1654.0_x86__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)
    Windows File Recovery -> C:\Program Files\WindowsApps\Microsoft.WindowsFileRecovery_0.1.20151.0_x64__8wekyb3d8bbwe [2022-04-10] (Microsoft Corporation)
    Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.811.2117.484_neutral__8wekyb3d8bbwe [2022-08-11] (Microsoft Corporation)
    WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_4.528.1755.0_x64__8wekyb3d8bbwe [2022-06-15] (Microsoft Corporation)
    WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_4.528.1755.0_x86__8wekyb3d8bbwe [2022-06-15] (Microsoft Corporation)
    WindowsAppRuntime.Main.1.0 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsAppRuntime.Main.1.0_4.528.1755.0_x64__8wekyb3d8bbwe [2022-06-15] (Microsoft Corp.)
    WindowsAppRuntime.Singleton -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.Singleton_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{04271989-C4D2-01B2-B5E6-5448D0C39AF7} -> [contegosafety.co.uk] => C:\Users\Bob\contegosafety.co.uk [2021-05-18 09:38]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{04271989-C4D2-5181-AD22-71FA141D72F4} -> [Numerical Algorithms Group Ltd] => C:\Users\Bob\Numerical Algorithms Group Ltd [2021-07-20 13:56]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{04271989-C4D2-B16E-553D-D70123E598C1} -> [Gradient] => C:\Users\Bob\Gradient [2022-01-24 13:17]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{04271989-C4D2-C544-0519-24EB3E3C2825} -> [OneDrive - Gradient] => C:\Users\Bob\OneDrive - Gradient [2022-01-29 02:10]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\hhdhexneo.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{36B27788-A8BB-4698-A756-DF9F11F64F84}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{45769bcc-e8fd-42d0-947e-02beef77a1f5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F697-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F699-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F7DA-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F7DC-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{69E0F7DD-43F0-3B33-B105-9B8188A6F040}\InprocServer32 -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.dll (Rubberduck-VBA) [File not signed]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\FileDocument.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Bob\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{8BC8AFC2-4E7C-4695-818E-8C1FFDCEA2AF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\FileDocument.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions) [File not signed]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\FileDocument.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{afbd5a44-2520-4ae0-9224-6cfce8fe4400}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\hhdhexneo.dll (HHD SOFTWARE LIMITED -> HHD Software Ltd.)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{BFEE99B4-B74D-4348-BCA5-E757029647FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{ddee2b8a-6807-48a6-bb20-2338174ff779}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Bob\Dropbox [2021-06-15 17:22]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{ec52dea8-7c9f-4130-a77b-1737d0418507}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Bob\AppData\Local\HHD Software\Free Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll () [File not signed]
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{FD848478-65F5-4F01-ACD9-69195EC3631F}\localserver32 -> "C:\Program Files\cFosSpeed\cfosspeed.exe" -ToastActivated => No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers1-x32: [BatchRename Shell] -> {407B7FEE-9820-4B36-A1BF-6469C52300A0} => C:\Program Files (x86)\BatchRename Pro\BatchRenShell.dll [2008-06-15] (foryoursoft.com) [File not signed]
    ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2022-04-29] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [File not signed]
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [File not signed]
    ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
    ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2022-04-29] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
    ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2022-07-31] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
    ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2022-04-29] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
    ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [File not signed]
    ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [File not signed]
    ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncShell64.dll [2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\62.0.1.0\drivefsext.dll [2022-07-28] (Google LLC -> Google, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\nvshext.dll [2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers6-x32: [BatchRename Shell] -> {407B7FEE-9820-4B36-A1BF-6469C52300A0} => C:\Program Files (x86)\BatchRename Pro\BatchRenShell.dll [2008-06-15] (foryoursoft.com) [File not signed]
    ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2020-09-26] (Open-Shell) [File not signed]
    ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [File not signed]
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [File not signed]
    ContextMenuHandlers1_S-1-5-21-1182144281-2128924332-3640585907-1001: [TextPad] -> {ABECE8A0-FF84-4efb-82AE-9B3181CE097D} => C:\Program Files (x86)\TextPad 5\System\shellext64.dll [2007-03-27] (Helios Software Solutions) [File not signed]

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
    HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Bob\Dropbox\StartNAS_Wait.bat - Shortcut.lnk -> C:\Users\Bob\Dropbox\StartNAS_Wait.bat ()
    Shortcut: C:\Users\Bob\Documents\scrcpy-win64\Wake_Shield.bat - Shortcut.lnk -> C:\Users\Bob\Documents\scrcpy-win64\Wake_Shield.bat ()
    Shortcut: C:\Users\Bob\Desktop\Shield.lnk -> C:\ProgramData\chocolatey\lib\scrcpy\tools\Wake_Shield.bat ()
    Shortcut: C:\Users\Bob\Desktop\Gradient Files\Shield.lnk -> C:\ProgramData\chocolatey\lib\scrcpy\tools\Wake_Shield.bat ()
    Shortcut: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rubberduck\Repair VBE Addin registration.lnk -> C:\Users\Bob\AppData\Local\Rubberduck\Rubberduck.RegisterAddIn.bat ()
    Shortcut: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm
    ShortcutWithArgument: C:\Users\Bob\Desktop\Bob.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Bob"
    ShortcutWithArgument: C:\Users\Bob\Desktop\Gradient.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Gradient"
    ShortcutWithArgument: C:\Users\Bob\Desktop\Miscellaneous\Bob (Gradient) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile2"
    ShortcutWithArgument: C:\Users\Bob\Desktop\Miscellaneous\Bob - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="default"
    ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\HTTP Archive Viewer.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Profile2 --app-id=ebbdbdmhegaoooipfnjikefdpeoaidml
    ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bob - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="default"
    ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Coretime Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile2"
    ShortcutWithArgument: C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Bob (Gradient) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Profile2

    ==================== Loaded Modules (Whitelisted) =============

    2022-05-15 18:23 - 2022-04-24 16:06 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2022-05-15 18:23 - 2022-04-24 16:06 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2020-01-30 17:17 - 2020-01-30 17:17 - 001664512 _____ () [File not signed] C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
    2022-08-14 10:25 - 2017-03-14 15:51 - 001714688 _____ () [File not signed] C:\Program Files\TeraCopy\TeraCopy64.dll
    2022-05-06 19:56 - 2022-05-06 19:56 - 000011776 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Reaver.SuperResolution.dll
    2022-05-06 19:56 - 2022-05-06 19:56 - 000024576 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Reaver.SystemControlWin32.dll
    2022-05-06 19:56 - 2022-05-06 19:56 - 076321280 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.dll
    2021-12-13 19:34 - 2021-12-13 19:34 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\e_sqlite3.dll
    2022-02-10 13:53 - 2022-02-10 13:53 - 000164352 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\libpryon_lite-PRL2000.dll
    2022-05-06 19:56 - 2022-05-06 19:56 - 006132224 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\NativeRingService.dll
    2022-05-06 19:56 - 2022-05-06 19:56 - 000050176 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Reaver.Components.dll
    2022-05-06 19:56 - 2022-05-06 19:56 - 000027136 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Reaver.Http.Curl.Shim.dll
    2022-05-06 19:56 - 2022-05-06 19:56 - 000032256 _____ () [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Reaver.Intel.Shim.dll
    2021-03-21 11:51 - 2009-08-16 18:06 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
    2022-07-22 14:53 - 2022-07-22 14:53 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
    2022-07-22 14:53 - 2022-07-22 14:53 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
    2022-06-05 10:28 - 2021-01-07 18:01 - 000034304 _____ (Atif Aziz, Colin Ramsay) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\Fizzler.dll
    2021-12-30 17:44 - 2018-11-15 15:08 - 002200784 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\IcMSIDll.dll
    2022-05-15 18:23 - 2022-04-24 16:06 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
    2007-03-27 14:23 - 2007-03-27 14:23 - 000058368 _____ (Helios Software Solutions) [File not signed] C:\Program Files (x86)\TextPad 5\System\shellext64.dll
    2021-10-30 15:44 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
    2022-03-13 13:19 - 2022-03-13 13:19 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
    2022-03-13 13:19 - 2022-03-13 13:19 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
    2022-06-05 10:28 - 2022-04-11 14:16 - 000753152 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\Svg.dll
    2021-12-30 17:44 - 2018-08-31 08:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\MsIo32_Galax.dll
    2020-09-26 14:47 - 2020-09-26 14:47 - 000975872 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\ClassicExplorer64.dll
    2020-09-26 14:47 - 2020-09-26 14:47 - 002659328 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
    2020-09-26 14:48 - 2020-09-26 14:48 - 000562688 _____ (Open-Shell) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
    2022-06-05 10:28 - 2022-05-07 20:49 - 000441856 _____ (Sentry.io) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\Sentry.dll
    2022-06-05 10:28 - 2022-04-21 10:18 - 001801216 _____ (Six Labors) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\SixLabors.ImageSharp.dll
    2022-08-12 11:53 - 2021-06-19 01:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2022-07-22 14:53 - 2022-07-22 14:53 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
    2022-05-06 19:56 - 2022-05-06 19:56 - 002609152 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\libcurl.dll
    2022-06-05 10:28 - 2020-10-26 12:35 - 002398208 _____ (The Legion of the Bouncy Castle Inc.) [File not signed] [File is in use] C:\Program Files (x86)\DisplayFusion\BouncyCastle.Crypto.dll
    2022-05-30 15:34 - 2020-06-17 11:01 - 001380864 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\2BrightSparks\SBMServiceV2\libeay32.dll
    2022-05-30 15:34 - 2020-06-17 11:01 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\2BrightSparks\SBMServiceV2\ssleay32.dll
    2022-05-15 18:23 - 2022-04-24 16:06 - 001359872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
    2022-05-15 18:23 - 2022-04-24 16:06 - 000365056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll
    2022-08-12 11:53 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
    2022-08-12 11:53 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll
    2021-03-20 21:26 - 2020-06-17 11:01 - 002293248 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\2BrightSparks\SyncBackPro\libeay32.dll
    2021-03-20 21:26 - 2020-06-17 11:01 - 000386560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\2BrightSparks\SyncBackPro\ssleay32.dll
    2022-07-22 14:53 - 2022-07-22 14:53 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
    2022-07-22 14:53 - 2022-07-22 14:53 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
    2022-07-30 11:28 - 2021-04-14 08:51 - 002523136 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS CleanGenius\bin\libcrypto-1_1.dll
    2022-07-30 11:28 - 2021-04-14 08:51 - 000531456 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS CleanGenius\bin\libssl-1_1.dll
    2022-01-12 17:46 - 2016-10-04 05:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\SDKDLL.dll
    2021-09-12 18:20 - 2021-09-12 18:20 - 000266752 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\bass.dll
    2021-09-12 18:20 - 2021-09-12 18:20 - 000112640 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\bassmidi.dll
    2021-09-12 18:20 - 2021-09-12 18:20 - 000045056 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\bassmix.dll
    2020-01-30 17:17 - 2020-01-30 17:17 - 001502208 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1iO.dll
    2020-01-30 17:17 - 2020-01-30 17:17 - 003962368 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Pro.dll
    2020-01-30 17:17 - 2020-01-30 17:17 - 001492480 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro3\i1iO3.dll
    2020-01-30 17:17 - 2020-01-30 17:17 - 003992576 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro3\i1Pro3.dll
    2020-01-30 17:18 - 2020-01-30 17:18 - 000150016 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro3\i1pro3.xrdevice
    2020-01-30 17:17 - 2020-01-30 17:17 - 002359296 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1isis\EyeOne_iSis.dll
    2020-01-30 17:17 - 2020-01-30 17:17 - 001019392 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Fun.dll
    2020-01-30 17:17 - 2020-01-30 17:17 - 001162752 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro3\i1Pro3Fun.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:B0D4D817 [213]
    AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.reg: => <==== ATTENTION
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.bat: => <==== ATTENTION
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.cmd: => <==== ATTENTION

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-08-09] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-08-09] (Oracle America, Inc. -> Oracle Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2020-09-26] (Open-Shell) [File not signed]
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2020-09-26] (Open-Shell) [File not signed]
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2020-09-26] (Open-Shell) [File not signed]
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed]
    Toolbar: HKLM - &ClipMate ClipBar v7.5 - {F60C63CE-52AF-4915-AAC9-F100FCDE270F} - C:\Program Files (x86)\ClipMate7\ClipMateDeskBand.dll [2013-03-20] (Thornsoft Development, Inc. -> Thornsoft Development, Inc)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2020-09-26] (Open-Shell) [File not signed]
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE restricted site: HKU\PE_C_.NET V4.5\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\008i.com -> 008i.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\008k.com -> www.008k.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\010402.com -> 010402.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\PE_C_.NET V4.5\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\PE_C_.NET V4.5\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\PE_C_.NET V4.5\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\PE_C_.NET V4.5\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\008i.com -> 008i.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\008k.com -> www.008k.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\010402.com -> 010402.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\PE_C_.NET V4.5 CLASSIC\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\008i.com -> 008i.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\008k.com -> www.008k.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\010402.com -> 010402.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\PE_C_DEFAULTAPPPOOL\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE trusted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\sharepoint.com -> hxxps://gradientconsulting-files.sharepoint.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE trusted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\sharepoint.com -> hxxps://gradientconsulting-files.sharepoint.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE trusted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\sharepoint.com -> hxxps://gradientconsulting-files.sharepoint.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2021-06-15 16:34 - 2022-08-14 10:04 - 000328490 _____ C:\WINDOWS\system32\drivers\etc\hosts
    0.0.0.0 app-sj01.marketo.com*
    0.0.0.0 analytics.ff.avast.com
    0.0.0.0 analytics.ns1.ff.avast.com
    0.0.0.0 v7event.stats.avcdn.net
    0.0.0.0 v7.stats.avcdn.net
    0.0.0.0 analytics.rollout.io
    0.0.0.0 a.fiksu.com
    0.0.0.0 sdk.fiksu.com
    0.0.0.0 static.hotjar.com
    0.0.0.0 flow.lavasoft.com
    0.0.0.0 telemetry.servers.getgo.com
    0.0.0.0 telemetry.malwarebytes.com
    0.0.0.0 ws.mcafee.com
    0.0.0.0 analytics.ccs.mcafee.com
    0.0.0.0 analyticsdcs.ccs.mcafee.com
    0.0.0.0 h.online-metrix.net
    0.0.0.0 analytics.paddle.com
    0.0.0.0 carcharodon.trendmicro.com
    0.0.0.0 cdn.segment.com
    0.0.0.0 api.segment.io
    0.0.0.0 mobile-service.segment.com

    2021-11-03 14:51 - 2021-11-03 14:55 - 000000440 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\dBpoweramp;C:\Program Files\dotnet\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Python27;C:\Program Files (x86)\EaseUS\Todo Backup\bin;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
    HKU\PE_C_.NET V4.5\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\PE_C_.NET V4.5 CLASSIC\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\PE_C_DEFAULTAPPPOOL\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Local\DisplayFusion\Wallpaper_1.png
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaper_1.png
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    Network Binding:
    =============
    VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
    Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
    Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\StartupApproved\Run: => "LogiBolt"
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "LogiBolt"
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C"
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\StartupApproved\Run: => "GoogleDriveFS"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
    FirewallRules: [{2E20CC40-9CDF-4E9A-B3A2-DE160C1E4643}] => (Allow) LPort=32682
    FirewallRules: [UDP Query User{4DDB7D3C-B14C-4CFB-8AC6-86FBDE0C88F3}C:\users\bob\appdata\local\tidal\app-2.28.0\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.28.0\tidal.exe => No File
    FirewallRules: [TCP Query User{0838995E-02B0-42D1-BB2B-C572F344547F}C:\users\bob\appdata\local\tidal\app-2.28.0\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.28.0\tidal.exe => No File
    FirewallRules: [UDP Query User{CF4198A7-B80F-4F38-8F3B-378D1EC55DB1}C:2\forzahorizon5.exe] => (Allow) C:2\forzahorizon5.exe => No File
    FirewallRules: [TCP Query User{E7237AAF-2B3E-4F21-8954-6A45FA32BEE0}C:2\forzahorizon5.exe] => (Allow) C:2\forzahorizon5.exe => No File
    FirewallRules: [{6209463D-38B3-442A-AD13-73D8FD619287}] => (Allow) C:\Program Files\SABnzbd\SABnzbd-console.exe (The SABnzbd-Team) [File not signed]
    FirewallRules: [{77FF66F1-E9B5-4634-86E6-65C62BDA92B5}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-Team) [File not signed]
    FirewallRules: [{933D5555-ADB7-4C5C-A808-DF4681EE6FAA}] => (Allow) C:\Program Files\SABnzbd\SABnzbd-console.exe (The SABnzbd-Team) [File not signed]
    FirewallRules: [{A2AC5FAA-E7CE-4052-B75A-5A8723B2A6EC}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-Team) [File not signed]
    FirewallRules: [{6C24BFA4-6C86-43E0-95EC-EF7C7EDFF4D4}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [{59363364-FE71-4560-9A1C-0C3AF200B5D2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [{0651473B-DD1C-41BC-84B7-DC6E63DA3F4E}] => (Allow) C:\Users\Bob\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{BDF8BCEC-E580-4F15-8C3A-F2FA5C968A09}] => (Allow) C:\Users\Bob\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{A9855F24-BA81-4642-B70A-4AD5FCCCD52C}] => (Allow) C:\Users\Bob\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{4285BF2B-814C-408A-9025-238082B986A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
    FirewallRules: [{D20AB119-6373-42B6-B7D0-CB0FCAB12031}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
    FirewallRules: [UDP Query User{7D0BAB81-ACF3-4276-97EA-96419D516663}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [TCP Query User{F1A3EAA9-E5BC-4CDB-8BA3-7D043D72E61F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [{E2FB62E5-0CE5-4E2D-824D-47AE733024E9}] => (Allow) C:\Program Files\Marcs Updater\Marcs Updater.exe (Open Source Developer, Marc Hörsken -> Marc Hörsken)
    FirewallRules: [{CEFD070A-418E-43BB-9593-AEC49D53F9CA}] => (Allow) C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe () [File not signed]
    FirewallRules: [{80732829-2300-4737-8750-0BF987AF3B36}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{23582651-FBE0-4040-B21C-12C59CE15025}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{313190DD-5D08-49A7-AD79-062603A4ED04}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{A3ACF260-8B34-45E9-9A7E-A0245C6D8495}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{1865478C-C321-4F8A-9917-5B4AF5C6BC97}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHelperWin8.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{E7A2A53C-9EE5-4C7F-83CA-226C8297DDDA}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHelperWin8.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{9CA2861E-0E4D-44F9-AB3C-3D17F05B5848}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5032.exe => No File
    FirewallRules: [{04F9D5C7-57E4-4B19-9522-9A93BAA6A578}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5032.exe => No File
    FirewallRules: [{7FA052FE-C5A5-4B88-9A49-EA3FD0D5A5A4}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5064.exe => No File
    FirewallRules: [{78AAA5FA-E70D-4E0D-9933-1FAAD72E0B70}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5064.exe => No File
    FirewallRules: [{ADD92530-E5CB-4D6C-B8BE-3FEA14DEBE14}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe => No File
    FirewallRules: [{DDE6CE52-9F30-4CE2-A6B7-275BA49D29D2}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe => No File
    FirewallRules: [{A078ECAE-0237-46C5-8E09-0216E44B6E3C}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe => No File
    FirewallRules: [{D11DDA8C-291D-4456-83FB-537BDE67D0AF}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe => No File
    FirewallRules: [{26179CE7-2B91-4DA4-AFCE-50C24E713E17}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{1BB65282-F2AF-42BF-9017-FC5E14058BC6}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{A4A93038-A795-427F-AB9E-F4F7D5978E14}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionSettings.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{E7C37D08-1848-48D4-BF8E-A1059743AA0E}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionSettings.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{8F354961-D964-41E9-A47F-A21858D14DBB}] => (Block) C:\Program Files (x86)\DisplayFusion\unins000.exe => No File
    FirewallRules: [{FB1298C0-8189-4D6D-9503-58A7BAC457C1}] => (Block) C:\Program Files (x86)\DisplayFusion\unins000.exe => No File
    FirewallRules: [TCP Query User{C8A6CDF1-8ED1-488D-A2C5-B9ACD1FE283B}C:\users\bob\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\bob\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [UDP Query User{691AE282-6E72-4331-805B-62A8B3F389BD}C:\users\bob\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\bob\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{B5510138-266B-4C0C-8CF0-75127221286F}C:\users\bob\appdata\local\tidal\app-2.29.7\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.29.7\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
    FirewallRules: [UDP Query User{B832207B-277F-4557-829B-D8C67041F769}C:\users\bob\appdata\local\tidal\app-2.29.7\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.29.7\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
    FirewallRules: [TCP Query User{5B29A39D-F18C-4AD5-A039-5F071753EB91}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [UDP Query User{E98D3FF4-3001-4417-8429-42701FD27CBD}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [{535396DD-C819-4D42-9C2D-E5FF3B92309F}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Connect64\Connect.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{A488E094-DDAF-494F-A626-C8623EFB9A93}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Connect64\Connect.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{9A9A201F-CB14-4180-809F-4B1326C09B3A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\CorelPS2PDF.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{18711DC2-BF37-49C2-8F17-EDEB72178E78}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\CorelPS2PDF.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{4CE03474-0F05-4700-B432-FCD2502E28F5}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\ooxmlConvert.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{04B986FC-BE40-4A57-B293-2E7C883A6435}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\ooxmlConvert.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{D0130BF4-793E-414D-84B0-95D66874DCF4}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\ooxmlConvertInstaller.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{A10BA95F-E6FB-4FD6-9A59-810E7BEEA871}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Filters64\ooxmlConvertInstaller.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{9AF69C40-9182-452C-BFC4-F550FD894D9A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\BarCode.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{65E6A799-0C60-4BEF-B315-AB0480001E7A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\BarCode.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{9E0073AD-0272-45A9-A575-EAE514620274}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CdrConv.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{20356890-1914-432F-A2ED-DFA903176208}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CdrConv.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{31C212B7-977C-4CC1-8F4D-2F56B05E7E50}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CorelDRW.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{5FF551FC-9ABA-412E-ABAE-A4B58E9A7B12}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CorelDRW.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{EA72EEE5-F96D-4A78-A0A1-7E03A8A11CB3}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{6BA2811F-F7A4-49D2-B2CE-3E9DB915FDA5}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{CEBDFFF2-F755-417A-AFC8-EE5798C0255F}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CrlUISvr.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{098C3D97-7B68-4041-8056-E4B0052D2210}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\CrlUISvr.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{D6EA38CA-F3F1-4555-BD6A-EFBF3642F78B}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\Designer.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{9B6AE120-16E6-4028-8024-45487DEF05A5}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\Designer.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{40FACE51-0721-44C2-BA7D-E2FC991EEA42}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\FontService.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{BA98E2EE-3B8F-412A-8ED9-F8D275F62EE7}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\FontService.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{290F8143-ED78-4CB7-803D-F07C26A7868C}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\InterprocessController.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{44961956-5B54-4324-9C72-BD72AF405268}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\InterprocessController.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{22663852-4739-40C5-ACD8-497227DBB1AA}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\IPPInstaller.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{B2AAD368-39A5-4434-B407-9B1085D98D43}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\IPPInstaller.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{CE1F1290-CAED-46A4-8418-392A54183100}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\PrintWiz.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{4F6F0255-C8AC-486A-A330-A931FAB889DD}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Programs64\PrintWiz.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{27A43D21-E3B5-446E-8ED2-54CE291CF06A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\RegisterCDTS.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{EB7F7A81-4003-4CE6-A044-8D9A4FE4E0A6}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\RegisterCDTS.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{A62D123B-6295-424D-A821-1AE9D50B3F32}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\Setup.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{10C31BD3-7158-4801-9A9A-352C0163EA95}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\Setup.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{24CE1021-EDDF-4022-815D-61B08013D34A}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\SetupARP.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{6603CB8F-AC85-41AF-8A23-B0513330A9FB}] => (Block) C:\Program Files\Corel\CorelDRAW Technical Suite 2020\Setup\SetupARP.exe (Corel Corporation -> Corel Corporation)
    FirewallRules: [{22A4F805-573F-45D6-8CA7-91FDD978CADE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{5B84AB25-DE16-4FD6-B5D6-436A345C5099}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => No File
    FirewallRules: [UDP Query User{F47F4BBA-597B-4087-B846-320DD9953790}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => No File
    FirewallRules: [TCP Query User{2BF313DD-626F-480F-9361-0205BE3ABCA3}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => No File
    FirewallRules: [UDP Query User{79911674-88D9-4C33-BD44-CC7A96F1A0A1}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => No File
    FirewallRules: [{EB41D21A-6648-42B8-8514-598CAA8FC310}] => (Allow) LPort=6789
    FirewallRules: [TCP Query User{65171673-A781-4301-933B-05D55A523348}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => No File
    FirewallRules: [UDP Query User{125BF98B-0375-4900-8356-410265F2FA58}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => No File
    FirewallRules: [{9FAC8484-FED8-4FDE-992D-6CAAC727B067}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-Team) [File not signed]
    FirewallRules: [{ED24C4B2-94B1-4A42-BA31-5B1E646BDC36}] => (Allow) C:\Program Files\SABnzbd\SABnzbd-console.exe (The SABnzbd-Team) [File not signed]
    FirewallRules: [TCP Query User{514B5D7D-9148-466B-9D16-582B673AFCBD}C:\users\bob\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.30.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
    FirewallRules: [UDP Query User{99995C9C-B7EF-4996-A385-65D0F2743EC4}C:\users\bob\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\bob\appdata\local\tidal\app-2.30.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
    FirewallRules: [{6F61A388-3937-4848-AD50-6EBF9D7EAB50}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
    FirewallRules: [{D6041A70-FC4D-4CA1-A620-1936DA95A6C3}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
    FirewallRules: [{E51060CC-DCCD-4BB8-9BAC-320FBFD6F2B5}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
    FirewallRules: [{1F5B4E56-2065-4149-BF76-AC4B11C73B9E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{5B3EF130-DCE6-4180-AE05-6B5398137B66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{64B1333E-344D-4399-BB57-5DCEB35553EF}C:\program files\galaxy watch studio\galaxywatchstudio.exe] => (Allow) C:\program files\galaxy watch studio\galaxywatchstudio.exe (Samsung Electronics CO., LTD. -> )
    FirewallRules: [UDP Query User{0E9D817F-9720-4591-8974-E7FE0E0647CD}C:\program files\galaxy watch studio\galaxywatchstudio.exe] => (Allow) C:\program files\galaxy watch studio\galaxywatchstudio.exe (Samsung Electronics CO., LTD. -> )
    FirewallRules: [TCP Query User{91E37829-9397-4F3A-9FDE-565CFC2BCC4D}C:\program files\galaxy watch studio\tizen\tools\sdb.exe] => (Allow) C:\program files\galaxy watch studio\tizen\tools\sdb.exe (Samsung Electronics CO., LTD. -> )
    FirewallRules: [UDP Query User{A26AF322-D0C7-4E60-A5E9-343CD3DA40C9}C:\program files\galaxy watch studio\tizen\tools\sdb.exe] => (Allow) C:\program files\galaxy watch studio\tizen\tools\sdb.exe (Samsung Electronics CO., LTD. -> )
    FirewallRules: [{DCEFCEEC-1C18-4898-A41A-444280E2B4AC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{B9B293AA-7F08-40F8-9C63-DB1C856510AD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{58732D40-7F51-44C5-A565-2AD15C252AD3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{BB6C6413-DC63-4C7B-B5A1-FCCB4735EAB0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{F57391EC-43FD-4910-BCC0-38259ECDB8BD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
    FirewallRules: [{92FCCC40-3437-46FB-A3AE-DC7517C81F2C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
    FirewallRules: [{C07B676B-D4DD-4959-8069-5C0EE1E86C3F}] => (Allow) C:\Program Files (x86)\2BrightSparks\SBMServiceV2\SBMService.exe (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte Ltd)
    FirewallRules: [{AD75A8A4-93E8-4D09-8CC2-90BB4977FCF5}] => (Allow) C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
    FirewallRules: [{44A5EED4-4AC4-4AA6-8E46-6CE942512B4E}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{DB6CE225-82CC-49CD-9CA4-31FDFD876FAB}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{82E48A0A-074F-4986-8981-D447EF70A116}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{D3A72666-8964-4CD7-B9B1-E88401A23A5D}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{0DEEDF41-0B12-4116-A21E-A57521559A26}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHelperWin8.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{E0D09879-7CD3-48DE-A3D3-715C9E5FB897}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHelperWin8.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{03578454-2CAA-41AC-9968-2AC4D0AA8AA3}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{E73A7B3E-F8A1-4F52-97CB-6A899218DED7}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{4D8BD6F8-AB28-4016-86C6-CFB3426048FB}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{44C6A679-3691-4942-BAF7-27A74EF242DE}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{67FE3314-8EAC-4031-87F2-1F7BC4B6C754}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{912263CB-20F7-4A26-A44D-D91249DAF4FE}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{C77F444B-B62D-494E-BB82-440B3B487369}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionSettings.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{225F4E53-8933-4490-A9E1-FA8AB1F006F4}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionSettings.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{49414D78-01CD-4EBC-A486-311C5EF05BC9}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionWebBrowserProxy.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{A0D3DE9E-5E93-4315-9F76-AC25B1CC318B}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionWebBrowserProxy.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{9489D0B9-3D12-449A-A0E2-7BBEAA70DA72}] => (Block) C:\Program Files (x86)\DisplayFusion\unins001.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [{7A43F454-F356-4D23-A03F-B75697617C77}] => (Block) C:\Program Files (x86)\DisplayFusion\unins001.exe (Binary Fortress Software Ltd -> Binary Fortress Software)
    FirewallRules: [TCP Query User{62CFBA62-6DF7-4F15-8BDD-06DED3BFC74F}C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe => No File
    FirewallRules: [UDP Query User{95BACF11-F3D8-4FA1-8479-5D82C9EBE517}C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe => No File
    FirewallRules: [{EFD74D45-368C-43F4-B81E-9EC62ED53120}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{2EE573D7-06C6-4D34-8ED8-AA3DE19A96D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{EFB22841-96B8-4F64-AB07-05C74C9A2C67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{9C293EA8-A203-4DB3-9C0D-997E88419E01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{99FDF259-46B9-4C96-9188-307A0C200E00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{9797CDF2-40D6-48DE-BFB7-A4D82D37252D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{210942CC-4A95-49DB-B0B6-44674807246C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{227980D6-D543-4717-A197-6C2E688CED7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{DB372AC7-6A1F-4D6F-91FB-A84A35EEB911}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{0E45A287-2532-4214-A972-C3BCDF0AF4D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{8F8BBF6A-9453-4FB9-8472-455866E5B15C}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
    FirewallRules: [{B3889E32-B1B2-406C-B876-2388D4CA23A7}] => (Allow) LPort=8888
    FirewallRules: [TCP Query User{88F257DB-6152-4CF1-882C-7669C95D1459}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
    FirewallRules: [UDP Query User{F5091196-AB2F-4F8D-87AA-95C285D1A4FC}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
    FirewallRules: [TCP Query User{9289CF16-B6B8-4D11-B11B-A87327B65C9B}C:\program files\aquila technology\wakeonlan\wakeonlan.exe] => (Allow) C:\program files\aquila technology\wakeonlan\wakeonlan.exe => No File
    FirewallRules: [UDP Query User{9A84B66D-E4D0-4793-84C4-5B0F05E1311D}C:\program files\aquila technology\wakeonlan\wakeonlan.exe] => (Allow) C:\program files\aquila technology\wakeonlan\wakeonlan.exe => No File
    FirewallRules: [{C5589044-7974-4A7C-B246-36B663A4FDEB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{80D60984-3C7F-463F-926F-0C35C7D65765}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5B5F4D63-76EB-4FF8-BDA0-188965EC3221}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{C3DA7CEE-DDE0-47CC-9668-BF7C980D1199}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{520DA2AF-18F8-4421-87B4-88DD27B58A19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{D26213B0-3784-43D9-8691-5787706B641A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{694B1D4C-A1CD-47E6-A4B6-A73EAF0CA74F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{542965AB-627A-4046-ADC5-6A8BA21DB16C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{2BD97239-C28D-4A73-8311-7698A4A3B241}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [TCP Query User{D58A0535-5F3E-4F57-8B52-CE889DAAA425}C:\program files\java\jdk-18.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-18.0.2\bin\javaw.exe
    FirewallRules: [UDP Query User{2CC4B705-1398-4CFE-AFC1-C91D870F542C}C:\program files\java\jdk-18.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-18.0.2\bin\javaw.exe
    FirewallRules: [{B889AFC4-858B-42BB-97A9-89C5E6D08A39}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{BB91C577-17DD-4118-A46C-D7F31DBEE9F5}] => (Allow) LPort=9
    FirewallRules: [{400AC16F-F4ED-4F43-8CCE-0104D390A749}] => (Allow) C:\Users\Bob\AppData\Local\Programs\Opera\89.0.4447.91\opera.exe => No File
    FirewallRules: [{B194A1DD-F23B-40ED-9427-EB04C2E4E352}] => (Allow) LPort=32682
    FirewallRules: [{06FF119F-2418-4764-B0FC-323E93D068E8}] => (Allow) LPort=26822
    FirewallRules: [{62358E06-784A-41A6-8EC9-422D57A52646}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (08/14/2022 11:06:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 4.8.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 8378

    Start Time: 01d8afc563cb65c2

    Termination Time: 4294967295

    Application Path: D:\Downloads\FRST64.exe

    Report Id: 17433052-8a25-4258-8058-a69cedcbb29f

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Top level window is idle

    Error: (08/14/2022 10:27:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: teracopy.exe, version: 3.2.0.0, time stamp: 0x5965a745
    Faulting module name: KERNELBASE.dll, version: 10.0.19041.1889, time stamp: 0xdc0d8494
    Exception code: 0xc000041d
    Fault offset: 0x0012ca42
    Faulting process ID: 0x1d8c
    Faulting application start time: 0x01d8afc0122a7e6d
    Faulting application path: C:\Program Files\TeraCopy\teracopy.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report ID: a874f08a-8109-4ee5-918c-e2351123ea2c
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/14/2022 10:27:29 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: teracopy.exe, version: 3.2.0.0, time stamp: 0x5965a745
    Faulting module name: KERNELBASE.dll, version: 10.0.19041.1889, time stamp: 0xdc0d8494
    Exception code: 0x0eedfade
    Fault offset: 0x0012ca42
    Faulting process ID: 0x1d8c
    Faulting application start time: 0x01d8afc0122a7e6d
    Faulting application path: C:\Program Files\TeraCopy\teracopy.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report ID: fb89805d-10d0-4f4a-bcd6-d6bb50da0051
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/14/2022 10:17:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program explorer.exe version 10.0.19041.1889 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 5958

    Start Time: 01d8afbcf4b58b60

    Termination Time: 13

    Application Path: C:\Windows\explorer.exe

    Report Id: f11143fa-42cf-43d7-99c9-8492def03c9e

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown

    Error: (08/14/2022 10:05:07 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: BOBS-RYZEN)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

    Error: (08/14/2022 01:26:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program XYplorer.exe version 23.0.0.100 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 8094

    Start Time: 01d8af744a1ae61f

    Termination Time: 60000

    Application Path: C:\Program Files (x86)\XYplorer\XYplorer.exe

    Report Id: 17a58ebc-b90a-4123-b8f6-be21ede33237

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Cross-process

    Error: (08/14/2022 12:42:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program TeraCopy.exe version 3.5.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 7bdc

    Start Time: 01d8af6e05736b3f

    Termination Time: 8

    Application Path: C:\Program Files\TeraCopy\TeraCopy.exe

    Report Id: c79f1cb2-d092-4f95-a9ee-1804c402242b

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown

    Error: (08/14/2022 12:25:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program powershell.exe version 10.0.19041.546 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 5b54

    Start Time: 01d8af6ba950afa3

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

    Report Id: 9583e2ea-2591-4e3b-9495-c3d7a0d92cd7

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Top level window is idle


    System errors:
    =============
    Error: (08/14/2022 10:04:42 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (08/14/2022 10:04:22 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
    Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

    Error: (08/14/2022 10:04:21 AM) (Source: volmgr) (EventID: 161) (User: )
    Description: Dump file creation failed due to error during dump creation.

    Error: (08/14/2022 10:04:28 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:02:57 AM on ‎8/‎14/‎2022 was unexpected.

    Error: (08/14/2022 10:03:17 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (08/14/2022 10:02:51 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
    Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

    Error: (08/14/2022 10:02:24 AM) (Source: DCOM) (EventID: 10005) (User: BOBS-RYZEN)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (08/14/2022 10:02:13 AM) (Source: DCOM) (EventID: 10005) (User: BOBS-RYZEN)
    Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
    Windows.Internal.Security.Authentication.Web.TokenBrokerInternal


    Windows Defender:
    ================
    Date: 2022-08-12 18:05:34
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-08-12 16:14:23
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-08-12 14:52:19
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-08-12 12:51:46
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-08-12 12:06:58
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...4&enterprise=0
    Name: PUA:Win32/Creprote
    Severity: Low
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\Bob\AppData\Local\01kith2k.lhh\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0m0dkmt2.1ce\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0m5q0ezt.3hm\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0psgu0iq.j2u\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0ssc1auq.av5\MasterService.exe; file:_C:\Users\Bob\AppData\Local\0vsxcipw.q5u\MasterService.exe; file:_C:\Users\Bob\AppData\Local\1ceuhy1b.kwn\MasterService.exe; file:_C:\Users\Bob\AppData\Local\1igqqk2j.q1d\MasterService.exe; file:_C:\Users\Bob\AppData\Local\afwenegq.3lg\MasterService.exe; file:_C:\Users\Bob\AppData\Local\alzojfwo.20w\MasterService.exe; file:_C:\Users\Bob\AppData\Local\awduja1j.q42\MasterService.exe; file:_C:\Users\Bob\AppData\Local\b5hc1yxu.rsd\MasterService.exe; file:_C:\Users\Bob\AppData\Local\bgimbzqj.l2q\MasterService.exe; file:_C:\Users\Bob\AppData\Local\btvrkclu.cfb\MasterService.exe; file:_C:\Users\Bob\AppData\Local\cccvwzn0.hns\MasterService.exe; file:_C:\Users\Bob\AppData\Local\cglwdahq.3rz\Ma
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Security intelligence Version: AV: 1.373.197.0, AS: 1.373.197.0, NIS: 1.373.197.0
    Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
    Event[0]:

    Date: 2022-08-14 09:03:20
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.373.219.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19500.2
    Error code: 0x8007043c
    Error description: This service cannot be started in Safe Mode

    Date: 2022-08-14 08:53:19
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2022-08-14 07:43:36
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.373.219.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19500.2
    Error code: 0x8007043c
    Error description: This service cannot be started in Safe Mode

    Date: 2022-08-14 07:33:35
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2022-08-14 01:41:49
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    CodeIntegrity:
    ===============
    Date: 2022-08-14 11:12:54
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2022-08-14 11:08:56
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    BIOS: American Megatrends International, LLC. H.D0 05/14/2021
    Motherboard: Micro-Star International Co., Ltd. X570-A PRO (MS-7C37)
    Processor: AMD Ryzen 5 3600 6-Core Processor
    Percentage of memory in use: 71%
    Total physical RAM: 16305.71 MB
    Available physical RAM: 4622.98 MB
    Total Virtual: 29105.71 MB
    Available Virtual: 8205.96 MB

    ==================== Drives ================================

    Drive c: (W10 Sabrent 1TB) (Fixed) (Total:417.41 GB) (Free:214.4 GB) (Model: Sabrent Rocket 4.0 1TB) NTFS
    Drive d: (Data) (Fixed) (Total:512.92 GB) (Free:388.54 GB) (Model: Sabrent Rocket 4.0 1TB) NTFS
    Drive g: (OneDrive) (Fixed) (Total:476.94 GB) (Free:403.19 GB) (Model: Sabrent) NTFS
    Drive y: (Google Drive) (Fixed) (Total:15 GB) (Free:5.53 GB) (Model: Sabrent Rocket 4.0 1TB) FAT32

    \\?\Volume{db60f9d8-edd8-4696-9e6b-0430ee1a2619}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 078FBF1E)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 476.9 GB) (Disk ID: 600F2637)

    Partition: GPT.

    ==================== End of Addition.txt =======================

    FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
    Ran by Bob (administrator) on BOBS-RYZEN (Micro-Star International Co., Ltd. MS-7C37) (14-08-2022 11:07:38)
    Running from D:\FRST64
    Loaded Profiles: Bob & Mr_Inc & Administrator
    Platform: Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) Language: English (United States) -> English (United Kingdom)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
    (C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
    (C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
    (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
    (C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe
    (C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
    (C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe <45>
    (C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <38>
    (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
    (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
    (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> ) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
    (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
    (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
    (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
    (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
    (C:\Program Files\Tablet\Pen\WacomHost.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    (C:\Program Files\Tablet\Pen\WTabletServiceCon.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
    (C:\Program Files\Tablet\Pen\WTabletServiceCon.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    (C:\Program Files\Tablet\Pen\WTabletServiceCon.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    (C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
    (cmd.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpn-browser-helper.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
    (explorer.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    (explorer.exe ->) (Cologne Code Company e.K. -> Cologne Code Company) C:\Program Files (x86)\XYplorer\XYplorer.exe
    (explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
    (explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\62.0.1.0\crashpad_handler.exe <3>
    (explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe <7>
    (explorer.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiBolt\LogiBolt.exe
    (explorer.exe ->) (Martin Prikryl -> Martin Prikryl) C:\Program Files (x86)\WinSCP\WinSCP.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
    (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    (explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
    (explorer.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
    (Michael Maltsev -> Ramen Software) C:\Users\Bob\AppData\Local\Programs\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Bob\apjwu.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Bob\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
    (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (services.exe ->) (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte Ltd) C:\Program Files (x86)\2BrightSparks\SBMServiceV2\SBMService.exe
    (services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (services.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
    (services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
    (services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (services.exe ->) (Code Sector -> Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
    (services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
    (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
    (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
    (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe
    (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe
    (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe
    (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe
    (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
    (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe <2>
    (services.exe ->) (Open Source Developer, Marc Hörsken -> Marc Hörsken) C:\Program Files\Marcs Updater\Marcs Updater.exe <2>
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe <2>
    (services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
    (services.exe ->) (Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (services.exe ->) (Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (services.exe ->) (Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
    (services.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie-Plus\SbieSvc.exe
    (services.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    (services.exe ->) (X-Rite Incorporated -> X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
    (sihost.exe ->) (AMZN Mobile LLC.) C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Alexa.DesktopExtension.exe
    (sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <34>
    (svchost.exe ->) () [File not signed] C:\Program Files (x86)\CTR 2.1 RC5\CTR 2.1.exe
    (svchost.exe ->) (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.) C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe
    (svchost.exe ->) (ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
    (svchost.exe ->) (AMZN Mobile LLC.) C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1213.0_x64__22t9g3sebte08\Alexa.exe
    (svchost.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\EaseUS CleanGenius\bin\CleanGenius.exe
    (svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <6>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1852_none_7de3b01c7cacf858\TiWorker.exe
    (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI Center\GameBar\MSI_GamebarTool.exe
    (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\GameBar\TraceFPS.exe
    (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
    (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe
    (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Speed Up\StorageMonitor.exe
    (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\True Color\New\MSI.True Color.exe
    (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControlEngine.exe
    (Thornsoft Development, Inc. -> Thornsoft Development, Inc.) C:\Program Files (x86)\ClipMate7\ClipMate.exe
    (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie-Plus\SandMan.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe [3378592 2021-10-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2342800 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [216576 2020-09-26] (Open-Shell) [File not signed]
    HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
    HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1254400 2015-12-18] (r2 Studios) [File not signed]
    HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Bob\AppData\Local\Microsoft\Teams\Update.exe [2508520 2022-08-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
    HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [379360 2022-05-09] (EXPRSVPN LLC -> ExpressVPN)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
    HKLM\...\Policies\Explorer: [NoDrives] 33554432
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe [51140424 2022-07-28] (Google LLC -> Google, Inc.)
    HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe [51140424 2022-07-28] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe [51140424 2022-07-28] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Bob\AppData\Local\Microsoft\Teams\Update.exe [2508520 2022-08-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [326608 2022-05-14] (Binary Fortress Software Ltd -> Binary Fortress Software)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [852960 2022-05-09] (EXPRSVPN LLC -> ExpressVPN)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\DisplayFusion\DFSSaver.scr [260048 2022-05-14] (Binary Fortress Software Ltd -> Binary Fortress Software)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2642824 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Mr_Inc\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-01-20] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [GoogleDriveFS] => "C:\Program Files\Google\Drive File Stream\54.0.3.0\GoogleDriveFS.exe" --startup_mode (No File)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [GoogleChromeAutoLaunch_A9B92AAB5CEEDD843EABB5BEC0128566] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2851656 2022-07-30] (Google LLC -> Google LLC)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [Fences] => "c:\program files (x86)\stardock\fences\Fences.exe" /startup (No File)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2642824 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2851656 2022-07-30] (Google LLC -> Google LLC)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe --startup_mode (No File)
    HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\62.0.1.0\GoogleDriveFS.exe [51140424 2022-07-28] (Google LLC -> Google, Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe [2022-08-09] (Google LLC -> Google LLC)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {045D998C-314A-49F1-9FC9-552D8DED69E9} - System32\Tasks\CleanGenius => C:\Program Files (x86)\EaseUS\EaseUS CleanGenius\bin\CleanGenius.exe [610440 2022-03-24] (CHENGDU YIWO Tech Development Co., Ltd. -> )
    Task: {081A3F15-64E4-4182-A8D3-979187F89685} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-20] (Google LLC -> Google LLC)
    Task: {09CA0EFF-2254-43E2-8C62-CDD2BFF37424} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {0D7EF48C-D617-4EC4-B5ED-B5A4C137F189} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {0FCEC7C4-CE35-4178-9DF1-838B7DBD6EFC} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [31656 2020-01-30] (X-Rite Incorporated -> X-Rite Inc.)
    Task: {1AC08E47-A844-4F6A-BB32-3EC84117F6C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-20] (Google LLC -> Google LLC)
    Task: {2A7AEE39-A6E4-4E9F-B6B4-820E224196D6} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
    Task: {3758D164-BAC3-490A-AAE3-27E59EEEA583} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2022-03-10] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
    Task: {3940A08D-11A3-4226-8B33-0B17CCF86BEA} - System32\Tasks\PowerToys\Autorun for Bob => C:\Program Files\PowerToys\PowerToys.exe [1037712 2022-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {3C447E8C-2903-45A8-A5F6-B9DBFC82FCBF} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804408 2021-12-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
    Task: {3C9A75A0-F003-4CAA-8E55-D11A0CA4B0F4} - System32\Tasks\iesqno => C:\Users\Bob\iesqno\apjwu.exe [940032 2016-10-09] (AutoIt Team) [File not signed] -> C:\Users\Bob\iesqno\ujkjiz.zrq
    Task: {403D1F59-E492-466D-9BF9-BE7EE61F63F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4058F75D-D873-47CF-B1A5-B97227168ECD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {431D0DCF-97A8-4D5B-A901-A0E46755D0E9} - System32\Tasks\G2MUpdateTask-S-1-5-21-1182144281-2128924332-3640585907-1001 => C:\Users\Bob\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-05-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {4521D3FE-2225-4E58-BD7E-1727EFD03ED0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {49C7762D-A00E-4D97-8D54-B71FB3274D61} - System32\Tasks\2BrightSparks\SyncBackProx64\BOBS-RYZEN-Bob\SyncBackPro => C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe [92472864 2022-06-29] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
    Task: {4F9049DE-D3E7-4B00-B16E-A31EC6102C39} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Spybot Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9456760 2021-12-06] (Safer-Networking Limited -> )
    Task: {52710838-E9DC-44D4-BF6D-9CD6B2C3C4CE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145328 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Task: {52DDCCF6-9EF6-4D93-84F8-4C2F826853F2} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {556ADBA4-EAB9-4C30-9325-C25972D6C299} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {5948425F-CACD-496F-8592-8C907F98BDBA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145328 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5C13E91B-CAEB-4582-A254-97F1DA0251D6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1005 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5E31CB8C-0447-4075-ABB1-CA59738983D0} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {6214ECEC-59F0-43EF-B0ED-A36C812C951B} - System32\Tasks\DNS Updater => C:\Program Files\Marcs Updater\Marcs Updater.exe [1027160 2017-04-23] (Open Source Developer, Marc Hörsken -> Marc Hörsken)
    Task: {6A1E6600-AA29-4F0A-BE22-29F1A484771E} - System32\Tasks\Disable_Wake => "C:\Users\Bob\Google Drive\Disable_Wake.cmd" (No File)
    Task: {6C496493-7417-4A79-B1C2-7AFE38FE5237} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat (No File)
    Task: {6E00475F-3A43-459D-A3A8-2CBB4761847B} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
    Task: {75B997C1-C441-42F5-91EA-58584569AFDF} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {765690B6-F6FE-4E2F-82ED-E6B19F99A452} - System32\Tasks\Opera scheduled Autoupdate 1660301580 => C:\Users\Bob\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
    Task: {796750CC-D804-4A31-8135-4707B6F8FB3B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
    Task: {7A4EEE8F-E0FA-4A57-A8F2-3B0A4E8C87E8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
    Task: {7D79F85C-C83E-4741-B3B5-853247382D6F} - System32\Tasks\MSI Task Host - TraceFPS.exe => C:\Program Files (x86)\MSI\MSI Center\GameBar\TraceFPS.exe [2780144 2021-01-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.)
    Task: {89A091DD-A31B-48B9-8160-3E0E626C3167} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9456760 2021-12-06] (Safer-Networking Limited -> )
    Task: {8B496D98-602B-41EE-A52C-C9FF018DA47D} - System32\Tasks\Core Temp Autostart Bob => C:\Program Files\Core Temp\Core Temp.exe [1035096 2021-04-11] (ALCPU -> ALCPU)
    Task: {8BBD004A-D85F-4E1A-B948-90C83687358B} - System32\Tasks\CorelUpdateHelperTask-E7E49F515F94C7506F5B32E4BFBD8DE2 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
    Task: {8E9FA473-9FCD-4954-A349-AAB23245E83B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {998139B4-2C7A-474F-A7A7-50DC2F81BC88} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9AA5E436-823A-4BED-97E7-50D8B766C45C} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [1952448 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
    Task: {9AF99A77-6F6D-4B49-9031-40E9DA8D37AC} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
    Task: {A001E9FD-97C1-4DEB-A18F-DDE93C14140C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
    Task: {A2971177-B9E6-42F5-9F34-8A44775EB5BF} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_Monitor (No File)
    Task: {A5F3D623-6A86-47A1-B637-E126039361C3} - System32\Tasks\EVGAPrecisionX => C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe (No File)
    Task: {AAAC17BD-F002-487C-BEA2-463B56CEB052} - System32\Tasks\MSI Task Host - MSI_GamebarTool.exe => C:\Program Files (x86)\MSI\MSI Center\GameBar\MSI_GamebarTool.exe [83256 2021-12-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
    Task: {AECCF170-95CE-4BC6-9759-3AB67E2635DF} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_DisplayID (No File)
    Task: {B41D06F5-33AB-4B2F-9739-E775781EF5E5} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2342800 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B4406CE4-80C2-41BC-88A7-15310D811ACD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BB19BB89-9159-47B6-877B-A0CB3B056854} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
    Task: {BCD508EF-BC57-4D59-840A-19BC13CF0893} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)
    Task: {BEC39FA2-ED4C-4085-8C6B-A2E335E73C19} - System32\Tasks\CTR 2.1 RC5 => C:\Program Files (x86)\CTR 2.1 RC5\CTR 2.1.exe [970240 2021-05-12] () [File not signed]
    Task: {BEC6885F-8D95-48D9-86BE-7863BF3B4C85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8406496 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BF44B5DB-DCFD-4F2C-A6EA-7C7FA5328D7A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {C3B51CAB-94BD-44D1-B8DB-87F595D37A37} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {CBA31408-D5D0-4E13-A2EE-B202FA9E39AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
    Task: {D5B2B445-B43B-46B5-8C64-A9D133E460E0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61856 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Task: {DB051437-821E-47E9-B753-6826C22AFCAF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {DB3D3C0A-0715-407A-A2AC-3F37BCC550C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8406496 2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
    Task: {DE3FB2F5-C93F-4A43-8650-1C02D5522EA8} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
    Task: {E74B7231-1788-4D6E-AC75-0253160BE0DA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {F268EAA4-FCD9-41EC-8C73-818475DD92C6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F2E0B060-A840-46FA-BAF6-AC0CF3B61CD9} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [1962320 2021-12-16] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
    Task: {F31B7866-F1E7-4468-89AA-11A4162D5F14} - System32\Tasks\2BrightSparks\SyncBackProx64\BOBS-RYZEN-Robert\SyncBackPro => C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe [92472864 2022-06-29] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte. Ltd.)
    Task: {F4AC72B7-A657-4F10-89D9-593EFA1C6BE5} - System32\Tasks\G2MUploadTask-S-1-5-21-1182144281-2128924332-3640585907-1001 => C:\Users\Bob\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-05-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {F984F90B-3740-4420-8F4B-E3AB53B60E45} - System32\Tasks\Enable Wake => "C:\Users\Bob\Google Drive\Enable_Wake.cmd" (No File)
    Task: {FC37C1A5-DC1A-433B-82E6-D1DB8D73EF2C} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1182144281-2128924332-3640585907-1001.job => C:\Users\Bob\AppData\Local\GoToMeeting\19950\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1182144281-2128924332-3640585907-1001.job => C:\Users\Bob\AppData\Local\GoToMeeting\19950\g2mupload.exe
    Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{2bad1b5b-1080-4576-a1a3-f4e473f299f4}: [NameServer] 10.151.0.1
    Tcpip\..\Interfaces\{7228c8be-bf74-461f-8c92-86e938889c33}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-14]
    Edge Notifications: Default -> hxxps://teams.microsoft.com
    Edge NewTab: Default -> Active:"chrome-extension://iccjgbbjckehppnpajnmplcccjcgbdep/index.html"
    Edge Extension: (Map Maker Overlay) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abbhipgjfgfpbedbhbihihpnfelpjldb [2021-05-18]
    Edge Extension: (Selection Search) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\acnbnghploonojdneaapglimokkefngg [2021-12-04]
    Edge Extension: (Highlight This: finds and marks words) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\afggjmaeddgckaafbkjlaacjmifmdoim [2021-05-18]
    Edge Extension: (LastPass: Free Password Manager) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2022-08-10]
    Edge Extension: (Sexy Undo Close Tab) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2021-05-18]
    Edge Extension: (Web Developer) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2021-05-18]
    Edge Extension: (Extension Manager) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bhahgfgngfghgjhnpplmemebhenieijb [2021-11-17]
    Edge Extension: (Mute Tab) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blljobffcekcbopmkgfhpcjmbfnelkfg [2021-05-18]
    Edge Extension: (Amazon Wish List Total) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\boekbkconiendicldakeboooeilaldmh [2022-07-19]
    Edge Extension: (The Camelizer) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpggaanjmbjoahhknlajnhdhkljekpbg [2022-04-13]
    Edge Extension: (Right-Click Search IMDb) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cbchccggcmgoabfolahgafbfapoejkcn [2022-06-21]
    Edge Extension: (鼠标手势) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cbopgngpbfeoecnbebghbbhmdadmllce [2022-05-10]
    Edge Extension: (efTwo (F2) - Advanced Find on Page) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ccaikggmppdolhcehimngikgiafmdcep [2021-05-18]
    Edge Extension: (Stylus) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2022-06-04]
    Edge Extension: (Ad-blocker for Gmail™) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2021-05-18]
    Edge Extension: (Gmelius for Gmail) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2022-02-16]
    Edge Extension: (SABctrl) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dhkfabgoljcjldkplbkgedghjgoggdfe [2021-05-18]
    Edge Extension: (Typio Form Recovery) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2021-05-18]
    Edge Extension: (Logitech Smooth Scrolling) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2021-05-18]
    Edge Extension: (APNG) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2021-05-18]
    Edge Extension: (Google Font Previewer for Chrome) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\engndlnldodigdjamndkplafgmkkencc [2022-07-08]
    Edge Extension: (HTTPS Everywhere) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2022-05-25]
    Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2022-06-21]
    Edge Extension: (Avast Online Security & Privacy) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2022-07-24]
    Edge Extension: (Web ) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fedimamkpgiemhacbdhkkaihgofncola [2022-01-06]
    Edge Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2022-08-10]
    Edge Extension: (Stylish - Custom themes for any website) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2022-08-14]
    Edge Extension: (Zoom) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gdndpilddmlahjjcfmknlmindbklnbel [2021-05-18]
    Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-07-08]
    Edge Extension: (XPath Helper) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl [2021-05-18]
    Edge Extension: (Tabs to the Front) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2021-05-18]
    Edge Extension: (Close & Clean) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hjjlnpghgkgmnpjimgbblhggmbjlbmld [2021-05-18]
    Edge Extension: (Eye Dropper) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2022-08-01]
    Edge Extension: (ProductivityTab — Custom New Tab Dashboard) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iccjgbbjckehppnpajnmplcccjcgbdep [2022-08-14]
    Edge Extension: (New Tab Redirect) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2021-05-18]
    Edge Extension: (AutoPagerize) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2021-05-18]
    Edge Extension: (YouTube Dark Theme) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihgmjddljpjooagcfkjjgojbfofknpmm [2022-01-28]
    Edge Extension: (Tampermonkey) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iikmkjmpaadaobahmlepeloendndfphd [2022-05-27]
    Edge Extension: (Row Highlighter for Gmail™ and Inbox™) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijfolchflbmnfopmpmodilcelmdakbfl [2021-05-18]
    Edge Extension: (Cisco Webex Extension) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2022-07-24]
    Edge Extension: (Call From Browser) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\impiikfnffjblkkefnplfonianmboaam [2021-05-18]
    Edge Extension: (YouTube Comments Search and Analytics) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inifheokcihloefgjkdnmfklgfkakkjn [2021-05-18]
    Edge Extension: (Chrome Remote Desktop) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2021-05-18]
    Edge Extension: (Chrome extension source viewer) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2022-05-09]
    Edge Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2021-05-18]
    Edge Extension: (History Blocker by Site) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\keamekimefemnbgegbfkdkmbomaahfai [2021-05-18]
    Edge Extension: (Gmail reverse conversation) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfgepjmmgamniaefbjlbacahkjjnjoaa [2022-05-16]
    Edge Extension: (ColumnCopy) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lapbbfoohlcmlbdaakldmmallcbcbpjb [2021-05-18]
    Edge Extension: (RemoveCookiesForSite) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lmfdblomdpkcniknaenceeogpgepocmm [2021-05-18]
    Edge Extension: (Google Keep Chrome Extension) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2022-08-11]
    Edge Extension: (IMDB Ratings Viewer) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mcmmjahiclndbfdkblfnopheledjibfl [2021-05-18]
    Edge Extension: (Reload All Tabs) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2021-05-18]
    Edge Extension: (Google Hangouts) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-17]
    Edge Extension: (AdBlock — best ad blocker) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-07-19]
    Edge Extension: (My IMDb) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngicopfkgbodejbbfalbmobdpjebhhmb [2021-07-08]
    Edge Extension: (Youtube) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nipggfgilmoiofmnkbeabghbcaohmjih [2021-05-18]
    Edge Extension: (ShareX) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlkoigbdolhchiicbonbihbphgamnaoc [2021-05-18]
    Edge Extension: (Expensify Web Receipts) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2021-05-18]
    Edge Extension: (Google Quick Scroll) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2022-05-16]
    Edge Extension: (SABconnect++) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod [2021-09-19]
    Edge Extension: (LinkedIn Extension) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\omhcfmofjcdakjciciffgbdoojiclhbn [2021-05-18]
    Edge Extension: (Virtual Keyboard) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2021-05-18]
    Edge Extension: (Personalized Web) - C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\plcnnpdmhobdfbponjpedobekiogmbco [2021-05-18]
    Edge Profile: C:\Users\Bob\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-08-01]

    FireFox:
    ========
    FF DefaultProfile: 0llbq56w.default
    FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\0llbq56w.default [2022-04-10]
    FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\89rtrf61.default-release [2022-08-14]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    FF Plugin: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-08-09] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-08-09] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2022-08-14] <==== ATTENTION (Points to *.cfg file)

    Chrome:
    =======
    CHR DefaultProfile: default
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob [2022-04-14] <==== ATTENTION
    CHR Extension: (Slides) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-04-14]
    CHR Extension: (Docs) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\aohghmighlieiainnegkcijnfilokake [2022-04-14]
    CHR Extension: (Google Drive) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-04-14]
    CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-04-14]
    CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-14]
    CHR Extension: (Sheets) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-04-14]
    CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-14]
    CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-04-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-14]
    CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Bob\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-04-14]
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default [2022-08-14]
    CHR Notifications: Default -> hxxps://crmplus.zoho.eu; hxxps://meet.google.com; hxxps://spark.adobe.com; hxxps://track.dpd.co.uk
    CHR NewTab: Default -> Active:"chrome-extension://iccjgbbjckehppnpajnmplcccjcgbdep/index.html"
    CHR Extension: (Map Maker Overlay) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\abbhipgjfgfpbedbhbihihpnfelpjldb [2021-03-20]
    CHR Extension: (Entanglement Web App) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2021-03-20]
    CHR Extension: (Send to OneNote) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokbjibjnekbfdjilfpoknnokaffoinp [2021-03-20]
    CHR Extension: (Sexy Undo Close Tab) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2021-03-20]
    CHR Extension: (Web Developer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2021-03-20]
    CHR Extension: (DuckDuckGo) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-08-10]
    CHR Extension: (Mute Tab) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blljobffcekcbopmkgfhpcjmbfnelkfg [2021-03-27]
    CHR Extension: (Slinky Elegant) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2022-08-10]
    CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-08-10]
    CHR Extension: (Right-Click Search IMDb) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbchccggcmgoabfolahgafbfapoejkcn [2022-06-17]
    CHR Extension: (efTwo (F2) - Advanced Find on Page) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccaikggmppdolhcehimngikgiafmdcep [2021-03-20]
    CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-07]
    CHR Extension: (Stylus) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2022-06-01]
    CHR Extension: (Adblock for Youtube™) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-07-11]
    CHR Extension: (Ad-blocker for Gmail™) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2021-03-20]
    CHR Extension: (Tampermonkey) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-05-08]
    CHR Extension: (Gmelius for Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2022-02-15]
    CHR Extension: (SABctrl) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkfabgoljcjldkplbkgedghjgoggdfe [2021-04-18]
    CHR Extension: (Typio Form Recovery) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2021-03-20]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2021-03-20]
    CHR Extension: (Session Buddy) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2021-03-20]
    CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-07-26]
    CHR Extension: (APNG) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2021-03-20]
    CHR Extension: (Google Font Previewer for Chrome) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\engndlnldodigdjamndkplafgmkkencc [2022-07-07]
    CHR Extension: (Web ) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedimamkpgiemhacbdhkkaihgofncola [2021-12-18]
    CHR Extension: (Highlight This: finds and marks words) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmbnmjmbjenlhbefngfibmjkpbcljaj [2022-07-25]
    CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2022-08-10]
    CHR Extension: (HTTPS Everywhere) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2022-05-26]
    CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-20]
    CHR Extension: (The Camelizer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2022-03-18]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-20]
    CHR Extension: (Selection Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2022-04-10]
    CHR Extension: (Extension Manager) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjldcdngmdknpinoemndlidpcabkggco [2021-11-05]
    CHR Extension: (Avast Online Security & Privacy) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-07-21]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-08-10]
    CHR Extension: (XPath Helper) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl [2021-03-20]
    CHR Extension: (Tabs to the Front) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2021-03-20]
    CHR Extension: (Close & Clean) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjlnpghgkgmnpjimgbblhggmbjlbmld [2021-03-20]
    CHR Extension: (Eye Dropper) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2022-08-02]
    CHR Extension: (Google Keep - Notes and Lists) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2022-08-10]
    CHR Extension: (ProductivityTab — Custom New Tab Dashboard) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccjgbbjckehppnpajnmplcccjcgbdep [2022-05-27]
    CHR Extension: (YouTube Dark Theme) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgoeaddhagkbjnnigiblfebijeinfme [2022-04-10]
    CHR Extension: (New Tab Redirect) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2021-03-20]
    CHR Extension: (AutoPagerize) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2021-03-20]
    CHR Extension: (Row Highlighter for Gmail™ and Inbox™) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfolchflbmnfopmpmodilcelmdakbfl [2021-03-20]
    CHR Extension: (Call From Browser) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\impiikfnffjblkkefnplfonianmboaam [2021-03-20]
    CHR Extension: (YouTube Comments Search and Analytics) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\inifheokcihloefgjkdnmfklgfkakkjn [2021-03-20]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2021-03-20]
    CHR Extension: (Chrome extension source viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2022-05-06]
    CHR Extension: (CrxMouse Chrome™ Gestures) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2022-08-04]
    CHR Extension: (Cisco Webex Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2022-07-22]
    CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2021-03-20]
    CHR Extension: (History Blocker by Site) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\keamekimefemnbgegbfkdkmbomaahfai [2021-03-20]
    CHR Extension: (Gmail reverse conversation) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgepjmmgamniaefbjlbacahkjjnjoaa [2021-10-14]
    CHR Extension: (Zoom Scheduler) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2022-07-24]
    CHR Extension: (ColumnCopy) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapbbfoohlcmlbdaakldmmallcbcbpjb [2021-03-20]
    CHR Extension: (RemoveCookiesForSite) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmfdblomdpkcniknaenceeogpgepocmm [2021-03-20]
    CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-03-20]
    CHR Extension: (Google Keep Chrome Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2022-08-10]
    CHR Extension: (IMDB Ratings Viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcmmjahiclndbfdkblfnopheledjibfl [2021-03-20]
    CHR Extension: (LinkedIn Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajfmicibjppdgbjfkpdikfjcflabpk [2022-07-12]
    CHR Extension: (Reload All Tabs) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2021-05-05]
    CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-06-10]
    CHR Extension: (Google Hangouts) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-14]
    CHR Extension: (My IMDb) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngicopfkgbodejbbfalbmobdpjebhhmb [2021-07-04]
    CHR Extension: (ShareX) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkoigbdolhchiicbonbihbphgamnaoc [2021-03-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-20]
    CHR Extension: (AdFly Skipper) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2022-08-09]
    CHR Extension: (Adblock for You) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogcaehilgakehloljjmajoempaflmdci [2022-07-20]
    CHR Extension: (Expensify Web Receipts) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2021-03-20]
    CHR Extension: (Google Quick Scroll) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2021-03-20]
    CHR Extension: (SABconnect++) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod [2021-09-14]
    CHR Extension: (Virtual Keyboard) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2021-03-20]
    CHR Extension: (Personalized Web) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcnnpdmhobdfbponjpedobekiogmbco [2021-03-20]
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-08-10]
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-08-10]
    CHR Notifications: Profile 1 -> hxxps://www.easeus.com
    CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-08-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-01]
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2 [2022-08-12] <==== ATTENTION
    CHR Notifications: Profile2 -> hxxps://crmplus.zoho.eu; hxxps://meet.google.com; hxxps://teams.microsoft.com
    CHR Extension: (Adblock for Youtube™) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-07-14]
    CHR Extension: (Typio Form Recovery) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2021-03-21]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2021-03-21]
    CHR Extension: (HTTP Archive Viewer) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\ebbdbdmhegaoooipfnjikefdpeoaidml [2021-03-21]
    CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-05]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-22]
    CHR Extension: (Selection Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2022-04-11]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-08-12]
    CHR Extension: (Tabs to the Front) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2021-03-21]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2021-03-21]
    CHR Extension: (CrxMouse Chrome™ Gestures) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2021-12-06]
    CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-03-21]
    CHR Extension: (LinkedIn Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\meajfmicibjppdgbjfkpdikfjcflabpk [2022-07-14]
    CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-06-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-21]
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\System Profile [2022-08-10]
    CHR HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-02] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46864 2022-08-01] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [326608 2022-05-14] (Binary Fortress Software Ltd -> Binary Fortress Software)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [44168 2022-04-29] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2022-03-24] (CHENGDU YIWO Tech Development Co., Ltd. -> )
    R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{283A3793-05D9-40BE-9F0B-926C470496B9} [21312 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
    R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [438240 2022-05-09] (EXPRSVPN LLC -> ExpressVPN)
    S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.156.0724.0001\FileSyncHelper.exe [3389856 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    R2 FreeAgentGoFlex Service; C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology, LLC -> Seagate Technology LLC)
    S3 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [31544 2018-11-19] (Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist)
    R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
    R2 Marcs Updater; C:\Program Files\Marcs Updater\Marcs Updater.exe [1027160 2017-04-23] (Open Source Developer, Marc Hörsken -> Marc Hörsken)
    R2 MSI_Central_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [150840 2021-06-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
    R2 MSI_Super_Charger_Service; C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe [39224 2021-04-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
    R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36152 2021-08-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
    R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [39760 2021-05-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
    S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.156.0724.0001\OneDriveUpdaterService.exe [3830176 2022-08-12] (Microsoft Corporation -> Microsoft Corporation)
    R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
    R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
    R2 SbieSvc; C:\Program Files\Sandboxie-Plus\SbieSvc.exe [332264 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
    R2 SBMServiceV2; C:\Program Files (x86)\2BrightSparks\SBMServiceV2\SBMService.exe [6943824 2022-02-03] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte Ltd)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-11-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-11-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
    R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-11-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
    R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
    S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [748664 2022-07-19] (Oracle Corporation -> Oracle Corporation)
    R3 VssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{BDE15B69-F161-43E2-BAAE-2C80AB5D7D0D} [21312 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [91048 2020-01-30] (X-Rite Incorporated -> X-Rite Inc.)
    R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ALSysIO; C:\Users\Bob\AppData\Local\Temp\ALSysIO64.sys [47240 2022-08-14] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
    R3 AMDVBT2BDA; C:\WINDOWS\system32\drivers\AMDVBT2BDA.sys [262032 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
    R3 AMDVBT2BDA; C:\Windows\SysWOW64\drivers\AMDVBT2BDA.sys [262032 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
    R3 AMDVBT2USB; C:\WINDOWS\System32\Drivers\AMDVBT2USB.sys [49528 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
    R3 AMDVBT2USB; C:\Windows\SysWOW64\Drivers\AMDVBT2USB.sys [49528 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
    R2 AWEAlloc; C:\WINDOWS\system32\DRIVERS\awealloc.sys [21048 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
    R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
    R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [321784 2022-03-10] (Bluestack Systems, Inc -> Bluestack System Inc.)
    S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
    R1 CTIIO; C:\WINDOWS\system32\drivers\CtiIo64.sys [29208 2022-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-11-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 ecmntdrv; C:\WINDOWS\system32\ecmntdrv.sys [36280 2021-03-24] (CHENGDU YIWO Tech Development Co., Ltd. -> )
    R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
    S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> )
    R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
    R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [74296 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [54328 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> )
    R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
    R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [24152 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
    R1 EUEDKEPM; C:\WINDOWS\System32\drivers\EUEDKEPM.sys [33712 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [555072 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
    S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [45640 2022-05-09] (ExprsVPN LLC -> ExpressVPN)
    R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2022-03-02] (Express VPN International Ltd. -> ExpressVPN)
    R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
    S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [38544 2018-12-13] (Feature Integration Technology Inc -> FINTEK Corp.)
    R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [48704 2018-11-19] (Lagerkvist Teknisk Radgivning i Boras HB -> Olof Lagerkvist)
    S3 inpoutx64; C:\WINDOWS\system32\drivers\inpoutx64.sys [15008 2021-08-16] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
    R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
    S3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
    R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [29576 2021-11-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
    R3 NTIOLib_CC_CPU; C:\Program Files (x86)\MSI\MSI Center\Super Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
    R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
    S3 RTL2832UBDA; C:\WINDOWS\system32\drivers\AMDVBT2BDA.sys [262032 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
    S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\AMDVBT2BDA.sys [262032 2019-12-10] (Astrometa Co.,Ltd. -> Astrometa)
    R3 RTL2832U_IRHID; C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys [59512 2019-12-10] (Astrometa Co.,Ltd. -> Realtek)
    R3 SbieDrv; C:\Program Files\Sandboxie-Plus\SbieDrv.sys [192504 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [92032 2018-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
    R2 SSGDIO; C:\WINDOWS\SysWOW64\DRIVERS\ssgdio64.sys [14608 2021-03-22] (ATI Technologies, Inc -> ATI Technologies Inc.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-11-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43640 2021-11-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [61496 2022-03-02] (ExprsVPN LLC -> The OpenVPN Project)
    R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [242656 2022-07-19] (Oracle Corporation -> Oracle Corporation)
    R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [252560 2022-07-19] (Oracle Corporation -> Oracle Corporation)
    R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1081592 2022-07-19] (Oracle Corporation -> Oracle Corporation)
    S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [175800 2022-03-22] (Oracle Corporation -> Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-08-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [452856 2022-08-12] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-08-12] (Microsoft Windows -> Microsoft Corporation)
    R2 WinI2C-DDC; C:\WINDOWS\system32\drivers\DDCDrv.sys [20832 2020-02-26] (PC Micro Systems Inc. -> Nicomsoft Ltd.)
    R3 WinRing0_1_2_2; C:\WINDOWS\system32\drivers\WinRing0_1_2_2.sys [31152 2022-08-14] (PAIPTAC Driver -> )
    R3 xmosusbaudiost30C8; C:\WINDOWS\System32\drivers\xmosusbaudiost30C8.sys [275032 2017-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Thesycon Software Solutions GmbH & Co. KG)
    R3 xmosusbaudiost30C8ks; C:\WINDOWS\System32\drivers\xmosusbaudiost30C8ks.sys [52824 2017-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Thesycon Software Solutions GmbH & Co. KG)
    S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
    U4 npcap_wifi; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-08-14 11:04 - 2022-08-14 11:07 - 000000000 ____D C:\FRST
    2022-08-14 11:02 - 2022-08-14 11:02 - 000000635 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegBackup.lnk
    2022-08-14 10:59 - 2022-08-14 10:59 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-BOBS-RYZEN-Windows-10-Pro-(64-bit).dat
    2022-08-14 10:59 - 2022-08-14 10:59 - 000000000 ____D C:\Users\Bob\Desktop\RegBackup
    2022-08-14 10:26 - 2022-08-14 10:26 - 000000000 ___HD C:\Users\Bob\AppData\Roaming\Obsidium
    2022-08-14 10:26 - 2022-08-14 10:26 - 000000000 ___HD C:\Users\Bob\.obs32
    2022-08-14 10:25 - 2022-08-14 10:25 - 000001700 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TeraCopy.lnk
    2022-08-14 10:25 - 2022-08-14 10:25 - 000000000 ____D C:\Program Files\TeraCopy
    2022-08-14 10:06 - 2022-08-14 10:06 - 005348771 _____ C:\Users\Bob\Desktop\TeamSpybot-20220814-100655.cab
    2022-08-14 09:34 - 2022-08-14 09:34 - 000001749 _____ C:\Users\Public\Desktop\Reset Browser Settings.lnk
    2022-08-14 09:34 - 2022-08-14 09:34 - 000000875 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
    2022-08-14 09:34 - 2022-08-14 09:34 - 000000000 ____D C:\Program Files\Trojan Killer
    2022-08-14 08:55 - 2022-08-14 08:55 - 005441916 _____ C:\Users\Bob\Desktop\TeamSpybot-20220814-085523.cab
    2022-08-14 08:53 - 2022-08-14 09:50 - 000287020 _____ C:\WINDOWS\ntbtlog.txt
    2022-08-14 08:50 - 2022-08-14 08:50 - 005496181 _____ C:\Users\Administrator\Desktop\TeamSpybot-20220814-085051.cab
    2022-08-14 08:48 - 2022-08-14 08:48 - 000000000 ____D C:\Users\Administrator\Documents\ProcAlyzer Dumps
    2022-08-14 01:41 - 2022-08-14 08:53 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2022-08-13 17:35 - 2022-08-13 17:35 - 000000000 ____D C:\Users\Bob\AppData\Local\Microsoft_Corporation
    2022-08-13 17:27 - 2022-08-13 23:20 - 000000053 _____ C:\Users\Bob\nfsmount.ps1
    2022-08-13 16:16 - 2022-08-13 16:16 - 000000000 ____D C:\Users\Bob\Documents\TeraCopy
    2022-08-13 14:18 - 2022-08-14 10:05 - 000031152 _____ C:\WINDOWS\system32\Drivers\WinRing0_1_2_2.sys
    2022-08-13 10:41 - 2022-08-13 10:41 - 000005772 _____ C:\Users\Bob\AppData\Local\recently-used.xbel
    2022-08-13 09:57 - 2022-08-13 22:56 - 000003656 _____ C:\WINDOWS\system32\Tasks\CTR 2.1 RC5
    2022-08-13 09:56 - 2022-08-13 09:56 - 000000000 ____D C:\Users\Bob\AppData\Local\A
    2022-08-13 09:26 - 2022-08-13 09:26 - 1326241977 _____ C:\WINDOWS\MEMORY.DMP
    2022-08-13 09:26 - 2022-08-13 09:26 - 001385404 _____ C:\WINDOWS\Minidump\081322-8390-01.dmp
    2022-08-12 21:29 - 2022-08-12 21:38 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Emby-Theater
    2022-08-12 21:29 - 2022-08-12 21:29 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Emby
    2022-08-12 12:12 - 2022-08-12 12:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
    2022-08-12 12:01 - 2022-08-12 12:01 - 000001429 _____ C:\Users\Public\Desktop\Spybot Anti-Beacon.lnk
    2022-08-12 12:01 - 2022-08-12 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
    2022-08-12 12:01 - 2022-08-12 12:01 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
    2022-08-12 11:53 - 2022-08-12 11:53 - 000004164 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1660301580
    2022-08-12 11:53 - 2022-08-12 11:53 - 000001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2022-08-12 11:53 - 2022-08-12 11:53 - 000001467 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2022-08-12 11:53 - 2022-08-12 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2022-08-12 10:28 - 2022-08-12 10:28 - 000003460 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
    2022-08-12 10:17 - 2022-08-12 10:31 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Wireshark
    2022-08-12 10:16 - 2022-08-14 09:54 - 000000000 ____D C:\Program Files\Npcap
    2022-08-11 22:34 - 2022-06-20 22:52 - 000455160 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20220811-223432.backup
    2022-08-11 20:37 - 2022-08-11 20:37 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Kutools for Excel
    2022-08-11 20:36 - 2022-08-11 20:36 - 000003628 _____ C:\WINDOWS\system32\Tasks\iesqno
    2022-08-11 20:36 - 2022-08-11 20:36 - 000000000 __SHD C:\Users\Bob\iesqno
    2022-08-11 20:35 - 2022-08-11 20:35 - 000001198 _____ C:\Users\Bob\Desktop\Kutools for Excel.lnk
    2022-08-11 20:35 - 2022-08-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Kutools for Excel
    2022-08-11 20:35 - 2022-08-11 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kutools for Excel
    2022-08-11 20:35 - 2022-08-11 20:35 - 000000000 ____D C:\Program Files (x86)\Kutools for Excel
    2022-08-11 20:35 - 2022-08-11 20:35 - 000000000 ____D C:\Program Files (x86)\Addin Technology Inc
    2022-08-11 09:17 - 2022-08-11 09:17 - 000000000 ____D C:\Program Files (x86)\CTR 2.1 RC5
    2022-08-10 23:08 - 2022-08-10 23:08 - 000000000 ____D C:\easeus_tb_cloud
    2022-08-10 01:19 - 2022-08-10 15:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2022-08-10 01:15 - 2022-08-10 01:15 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
    2022-08-10 01:15 - 2022-08-10 01:15 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
    2022-08-10 01:15 - 2022-08-10 01:15 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
    2022-08-10 01:15 - 2022-08-10 01:15 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2022-08-10 01:15 - 2022-08-10 01:15 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
    2022-08-10 01:15 - 2022-08-10 01:15 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
    2022-08-10 01:15 - 2022-08-10 01:15 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
    2022-08-10 01:15 - 2022-08-10 01:15 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2022-08-10 01:10 - 2022-08-10 01:10 - 000000000 ___HD C:\$WinREAgent
    2022-08-10 00:50 - 2022-08-14 10:04 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-08-09 23:53 - 2022-08-13 22:25 - 000004096 ___SH C:\{AABB0633-9B60-45F1-911E-E8F89E0702BE}.CBM
    2022-08-09 23:09 - 2022-08-09 23:09 - 000001305 _____ C:\Users\Bob\Documents\TaskExport_SYSTEM.tbbak
    2022-08-09 22:48 - 2022-08-09 22:48 - 000001149 _____ C:\Users\Public\Desktop\WinSCP.lnk
    2022-08-09 22:32 - 2022-08-09 22:32 - 000000000 ____D C:\Users\Bob\AppData\Roaming\easeus
    2022-08-09 22:32 - 2022-08-09 22:32 - 000000000 ____D C:\Users\Bob\AppData\Local\DupFilesUI
    2022-08-09 15:54 - 2022-08-09 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2022-08-09 14:48 - 2022-08-09 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2022-08-09 14:48 - 2022-08-09 15:54 - 000000000 ____D C:\Program Files\Java
    2022-08-09 14:48 - 2022-08-09 14:48 - 000070920 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2022-08-09 14:48 - 2022-08-09 14:48 - 000000000 ____D C:\Program Files\Common Files\Oracle
    2022-08-08 20:33 - 2022-08-08 20:33 - 000000000 ____D C:\WINDOWS\Panther
    2022-08-03 18:04 - 2022-08-03 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2022-08-03 15:47 - 2022-08-03 15:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Aquila Technology
    2022-08-03 15:46 - 2022-08-03 15:46 - 000000000 ____D C:\Users\Bob\AppData\Local\Aquila_Technology
    2022-08-03 15:46 - 2022-08-03 15:46 - 000000000 ____D C:\ProgramData\Aquila Technology
    2022-08-03 15:05 - 2022-08-03 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2022-08-02 11:22 - 2022-08-14 10:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
    2022-08-02 11:22 - 2022-08-02 11:22 - 000000000 ____D C:\Program Files\PowerToys
    2022-08-01 23:21 - 2022-08-01 23:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2022-08-01 23:21 - 2022-08-01 23:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2022-08-01 23:21 - 2022-08-01 23:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2022-08-01 23:21 - 2022-08-01 23:21 - 000046864 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2022-07-30 11:28 - 2022-08-14 10:05 - 000003416 _____ C:\WINDOWS\system32\Tasks\CleanGenius
    2022-07-30 11:28 - 2022-07-30 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS CleanGenius
    2022-07-30 11:28 - 2022-03-24 14:13 - 000173192 _____ C:\WINDOWS\system32\setupecmdrvx64.exe
    2022-07-30 11:28 - 2021-03-24 13:04 - 000036280 _____ C:\WINDOWS\system32\ecmntdrv.sys
    2022-07-30 11:28 - 2021-03-24 13:04 - 000000010 _____ C:\WINDOWS\system32\setupecmdrv.ini
    2022-07-30 11:27 - 2022-07-30 11:28 - 000000000 ____D C:\Users\Bob\AppData\Local\unali-2682453
    2022-07-30 09:58 - 2022-07-30 09:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\Seagate_Install_Launch
    2022-07-30 09:58 - 2022-07-30 09:58 - 000002193 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
    2022-07-30 09:58 - 2022-07-30 09:58 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Seagate
    2022-07-30 09:58 - 2022-07-30 09:58 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Nero
    2022-07-30 09:58 - 2022-07-30 09:58 - 000000000 ____D C:\ProgramData\Nero
    2022-07-30 09:58 - 2022-07-30 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
    2022-07-29 23:31 - 2022-07-29 23:31 - 000000000 ____D C:\Users\Bob\AppData\Roaming\NVIDIA
    2022-07-29 23:29 - 2022-08-12 21:28 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Emby-InstallLogs
    2022-07-28 11:40 - 2022-08-14 10:04 - 000000000 ____D C:\Users\Bob\AppData\Local\LogiBolt
    2022-07-28 11:39 - 2022-07-28 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2022-07-28 11:38 - 2022-07-28 11:38 - 000000000 ____D C:\Program Files\Logitech
    2022-07-27 00:13 - 2022-07-27 00:16 - 000000174 _____ C:\Users\Bob\Documents\Wake_Shield.bat
    2022-07-26 21:49 - 2022-07-26 21:50 - 000000000 ____D C:\Program Files\CrystalDiskInfo
    2022-07-26 21:49 - 2022-07-26 21:49 - 000001803 _____ C:\Users\Bob\Desktop\CrystalDiskInfo.lnk
    2022-07-25 11:39 - 2022-07-25 11:39 - 000000811 _____ C:\Users\Bob\Desktop\wakeunraid.bat
    2022-07-24 22:53 - 2022-07-24 22:55 - 000000128 _____ C:\Users\Bob\AppData\Local\PUTTY.RND
    2022-07-24 22:49 - 2022-08-14 10:06 - 000000128 _____ C:\Users\Bob\AppData\Roaming\winscp.rnd
    2022-07-23 15:30 - 2022-07-23 15:30 - 000000546 _____ C:\Users\Bob\usb5.vmdk
    2022-07-23 14:58 - 2022-07-23 14:58 - 000000546 _____ C:\Users\Bob\usb3.vmdk
    2022-07-23 14:44 - 2022-07-23 15:07 - 000000637 _____ C:\usb2.vmdk
    2022-07-23 09:53 - 2022-07-23 09:53 - 001620284 _____ C:\WINDOWS\Minidump\072322-9593-01.dmp
    2022-07-19 15:50 - 2022-07-19 15:50 - 000252560 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
    2022-07-19 15:50 - 2022-07-19 15:50 - 000242656 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
    2022-07-17 18:29 - 2022-07-17 18:29 - 002629780 _____ C:\WINDOWS\Minidump\071722-8953-01.dmp

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-08-14 11:06 - 2022-05-30 15:34 - 000000000 ____D C:\ProgramData\SBMService
    2022-08-14 11:06 - 2022-03-17 10:05 - 000000000 ____D C:\Users\Bob\AppData\Roaming\DropboxElectron
    2022-08-14 11:06 - 2021-06-15 17:20 - 000000000 ____D C:\Users\Bob\AppData\Local\Dropbox
    2022-08-14 11:02 - 2021-04-03 01:31 - 000000000 ____D C:\Users\Bob\AppData\Roaming\TeraCopy
    2022-08-14 10:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-08-14 10:36 - 2021-03-20 14:21 - 000000000 ____D C:\Users\Bob\AppData\Roaming\XYplorer
    2022-08-14 10:34 - 2021-03-20 13:16 - 000000000 ____D C:\Users\Bob\AppData\Local\OpenShell
    2022-08-14 10:27 - 2021-03-20 21:53 - 000000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
    2022-08-14 10:26 - 2022-01-22 21:59 - 000000000 ____D C:\Users\Bob
    2022-08-14 10:19 - 2021-03-21 12:38 - 000000000 ____D C:\Users\Bob\AppData\LocalLow\Mozilla
    2022-08-14 10:14 - 2021-03-20 13:08 - 000000000 ____D C:\Program Files (x86)\Google
    2022-08-14 10:12 - 2021-03-20 21:42 - 000000000 ____D C:\Program Files\Registry Workshop
    2022-08-14 10:11 - 2022-01-22 22:08 - 000972494 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-08-14 10:11 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
    2022-08-14 10:10 - 2022-04-10 17:19 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2022-08-14 10:08 - 2021-03-20 21:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2022-08-14 10:05 - 2022-01-29 02:10 - 000000000 ___RD C:\Users\Bob\OneDrive - Gradient
    2022-08-14 10:05 - 2022-01-24 13:17 - 000000000 ___RD C:\Users\Bob\Gradient
    2022-08-14 10:05 - 2021-07-20 13:56 - 000000000 ___RD C:\Users\Bob\Numerical Algorithms Group Ltd
    2022-08-14 10:05 - 2021-05-18 09:38 - 000000000 ___RD C:\Users\Bob\contegosafety.co.uk
    2022-08-14 10:05 - 2021-03-20 13:24 - 000000000 ____D C:\ProgramData\TEMP
    2022-08-14 10:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
    2022-08-14 10:04 - 2022-01-22 22:11 - 000003128 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
    2022-08-14 10:04 - 2022-01-22 22:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-08-14 10:04 - 2022-01-22 21:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-08-14 10:04 - 2021-04-16 14:44 - 000000000 ____D C:\ProgramData\NVIDIA
    2022-08-14 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2022-08-14 10:03 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2022-08-14 10:02 - 2019-12-07 10:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI
    2022-08-14 01:39 - 2021-03-20 23:40 - 000000475 _____ C:\WINDOWS\wininit.ini
    2022-08-14 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2022-08-13 22:50 - 2021-03-20 14:35 - 000000000 ____D C:\Users\Bob\Documents\ShareX
    2022-08-13 22:25 - 2022-01-23 05:46 - 000000000 ____D C:\WINDOWS\system32\msmq
    2022-08-13 22:20 - 2022-01-24 00:29 - 000000000 ____D C:\WINDOWS\system32\config\regsave
    2022-08-13 22:20 - 2021-03-22 14:47 - 000428032 ___SH C:\EUMONBMP.SYS
    2022-08-13 22:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-08-13 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-08-13 22:16 - 2021-03-20 11:49 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-08-13 17:38 - 2021-03-20 20:35 - 000000000 ____D C:\Users\Bob\AppData\Local\DisplayFusion
    2022-08-13 10:44 - 2021-08-20 17:40 - 000000000 ____D C:\Users\Bob\Desktop\Tools
    2022-08-13 10:41 - 2021-11-06 20:35 - 000000000 ____D C:\Users\Bob\.dbus-keyrings
    2022-08-13 10:38 - 2022-01-22 22:11 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B186346E-6F9F-4080-BE06-49E909C0A7AE}
    2022-08-13 09:26 - 2022-07-14 20:47 - 000000000 ____D C:\WINDOWS\Minidump
    2022-08-13 00:29 - 2021-03-20 21:38 - 000000000 ___RD C:\Users\Bob\Google Drive
    2022-08-12 17:44 - 2021-03-21 16:47 - 000000000 ___HD C:\Users\Bob\.VirtualBox
    2022-08-12 17:42 - 2021-03-21 16:47 - 000000000 ____D C:\ProgramData\VirtualBox
    2022-08-12 16:20 - 2021-04-18 20:53 - 000000000 ____D C:\Users\Bob\AppData\Roaming\vlc
    2022-08-12 14:48 - 2021-03-20 13:14 - 000000000 ____D C:\Users\Bob\AppData\Local\D3DSCache
    2022-08-12 12:39 - 2021-03-20 13:39 - 000000000 ____D C:\Users\Bob\AppData\Local\PlaceholderTileLogoFolder
    2022-08-12 12:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-08-12 11:59 - 2021-03-20 11:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-08-12 11:53 - 2021-03-20 21:57 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2022-08-12 11:38 - 2021-04-19 00:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
    2022-08-12 11:38 - 2021-04-19 00:22 - 000000000 ____D C:\Program Files (x86)\LAV Filters
    2022-08-12 11:36 - 2021-03-22 13:57 - 000002334 ____H C:\Users\Bob\Documents\Default.rdp
    2022-08-12 11:01 - 2021-06-14 22:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive
    2022-08-12 10:10 - 2022-01-22 22:11 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1004
    2022-08-12 10:10 - 2022-01-22 22:11 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1001
    2022-08-12 10:10 - 2022-01-22 22:11 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-500
    2022-08-12 10:10 - 2022-01-22 22:11 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
    2022-08-12 10:10 - 2021-03-23 20:05 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-08-12 08:38 - 2021-06-15 17:20 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2022-08-12 08:38 - 2021-06-15 17:20 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2022-08-12 00:57 - 2021-03-22 20:12 - 000000000 ____D C:\Users\Bob\VirtualBox VMs
    2022-08-11 23:55 - 2022-01-22 22:11 - 000003984 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
    2022-08-11 23:55 - 2022-01-22 22:11 - 000003752 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
    2022-08-11 22:29 - 2021-03-20 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
    2022-08-11 22:29 - 2021-03-20 14:35 - 000000000 ____D C:\Program Files\ShareX
    2022-08-11 21:48 - 2021-03-20 11:52 - 000000000 ____D C:\Users\Bob\AppData\Local\Packages
    2022-08-11 16:59 - 2021-03-20 12:59 - 000000000 ____D C:\Users\Bob\Desktop\!Gradient
    2022-08-11 16:58 - 2021-08-20 17:29 - 000000000 ____D C:\Users\Bob\Desktop\Miscellaneous
    2022-08-11 16:57 - 2021-06-17 12:19 - 000000000 ____D C:\Users\Bob\Desktop\!NAG
    2022-08-11 16:57 - 2021-03-20 12:59 - 000000000 ____D C:\Users\Bob\Desktop\!Meyer
    2022-08-11 16:55 - 2021-06-15 17:22 - 000000000 ___RD C:\Users\Bob\Dropbox
    2022-08-11 15:46 - 2021-03-22 13:58 - 000000000 ____D C:\Users\Bob\Documents\Personal
    2022-08-11 15:22 - 2021-03-21 17:40 - 000000000 ____D C:\Users\Bob\AppData\Roaming\WhatsApp
    2022-08-11 13:02 - 2021-06-07 23:21 - 000000000 ____D C:\Users\Bob\AppData\Local\babl-0.1
    2022-08-11 11:49 - 2021-06-07 23:28 - 000000000 ____D C:\Users\Bob\AppData\Local\gtk-2.0
    2022-08-10 23:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
    2022-08-10 23:22 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-08-10 19:43 - 2021-03-20 14:21 - 000000000 ____D C:\Program Files (x86)\XYplorer
    2022-08-10 15:46 - 2022-01-29 13:05 - 000000000 ___HD C:\.tmp.drivedownload
    2022-08-10 15:20 - 2021-03-21 12:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2022-08-10 11:51 - 2022-04-11 14:44 - 000000000 ____D C:\Users\Bob\AppData\Local\WhatsApp
    2022-08-10 10:10 - 2021-06-05 19:49 - 000000000 ____D C:\Users\Bob\AppData\Local\NVIDIA Corporation
    2022-08-10 08:29 - 2022-04-10 17:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2022-08-10 08:29 - 2022-04-10 17:18 - 000000980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2022-08-10 01:23 - 2022-01-22 21:57 - 000572040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-08-10 01:22 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2022-08-10 01:22 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2022-08-10 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-08-10 01:15 - 2022-01-22 22:00 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2022-08-10 01:10 - 2021-03-20 22:06 - 000000000 ____D C:\Program Files\dotnet
    2022-08-10 01:10 - 2021-03-20 13:27 - 000000000 ____D C:\WINDOWS\system32\MRT
    2022-08-10 01:10 - 2021-03-20 12:34 - 000000000 ____D C:\ProgramData\Package Cache
    2022-08-10 01:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2022-08-10 01:05 - 2021-03-20 13:27 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2022-08-09 23:04 - 2021-03-23 15:31 - 000002406 ____H C:\WINDOWS\EPMBatch.ept
    2022-08-09 23:03 - 2021-03-23 15:21 - 000000000 _____ C:\WINDOWS\BcdLog.txt
    2022-08-09 22:48 - 2021-03-21 11:39 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
    2022-08-09 22:48 - 2021-03-21 11:39 - 000000000 ____D C:\Program Files (x86)\WinSCP
    2022-08-09 22:32 - 2021-03-20 20:41 - 000000000 ____D C:\ProgramData\SystemAcCrux
    2022-08-09 16:14 - 2022-02-14 18:50 - 000000000 ____D C:\Program Files\Microsoft Office
    2022-08-09 15:32 - 2022-05-09 14:35 - 000000000 ____D C:\Users\Bob\GearWatchDesigner
    2022-08-09 14:49 - 2022-05-09 14:33 - 000000000 ____D C:\ProgramData\Oracle
    2022-08-09 14:14 - 2021-08-14 11:04 - 000002032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
    2022-08-08 20:21 - 2021-03-22 20:45 - 000000000 ____D C:\Users\Administrator\Documents\Windows_10_x64 2021-3-22 19-45
    2022-08-07 16:13 - 2021-03-20 21:26 - 000001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncBackPro.lnk
    2022-08-06 15:26 - 2022-03-26 19:18 - 000001197 _____ C:\Users\Bob\Desktop\Multi-Sub Optimizer.lnk
    2022-08-06 15:19 - 2022-04-10 01:12 - 000000000 ____D C:\Users\Bob\REW
    2022-08-06 14:57 - 2022-06-07 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REW
    2022-08-06 14:57 - 2022-06-07 17:18 - 000000000 ____D C:\Program Files\REW
    2022-08-05 09:48 - 2022-02-15 10:04 - 000002414 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
    2022-08-05 09:16 - 2022-02-12 15:44 - 000000000 ____D C:\Program Files (x86)\Stardock
    2022-08-04 14:51 - 2019-12-07 10:10 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfscimprov.dll
    2022-08-04 14:51 - 2019-12-07 10:10 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfscommgmt.dll
    2022-08-04 14:51 - 2019-12-07 10:10 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsadmin.exe
    2022-08-04 14:51 - 2019-12-07 10:10 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcinfo.exe
    2022-08-04 14:51 - 2019-12-07 10:10 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsnp.dll
    2022-08-04 14:51 - 2019-12-07 10:10 - 000093510 _____ C:\WINDOWS\system32\nfsmgmt.msc
    2022-08-04 14:51 - 2019-12-07 10:10 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\showmount.exe
    2022-08-04 14:51 - 2019-12-07 10:10 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfscprop.dll
    2022-08-04 14:51 - 2019-12-07 10:10 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsrc.dll
    2022-08-03 18:04 - 2021-03-21 02:13 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2022-08-01 17:47 - 2021-03-20 11:59 - 000000000 ____D C:\ProgramData\Packages
    2022-07-30 11:33 - 2021-03-23 19:00 - 000000028 _____ C:\WINDOWS\OutLog.txt
    2022-07-30 11:28 - 2021-03-20 20:41 - 000000000 ____D C:\Program Files (x86)\EaseUS
    2022-07-30 09:58 - 2021-03-25 01:58 - 000000000 ____D C:\Program Files (x86)\Seagate
    2022-07-28 11:39 - 2021-10-15 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
    2022-07-28 11:39 - 2021-10-15 22:38 - 000000000 ____D C:\Program Files\Logi
    2022-07-27 09:33 - 2021-03-21 19:00 - 002754000 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
    2022-07-27 09:33 - 2021-03-21 19:00 - 000234960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
    2022-07-27 09:33 - 2021-03-21 19:00 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
    2022-07-27 09:32 - 2021-11-18 13:09 - 000144856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
    2022-07-27 09:32 - 2021-03-21 19:00 - 000402904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
    2022-07-27 09:32 - 2021-03-21 19:00 - 000198096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
    2022-07-27 09:32 - 2021-03-21 19:00 - 000067032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
    2022-07-27 09:10 - 2022-01-22 22:11 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2022-07-27 00:27 - 2021-03-20 22:05 - 000000000 ____D C:\ProgramData\chocolatey
    2022-07-25 00:38 - 2021-08-20 17:40 - 000000000 ____D C:\Users\Bob\Desktop\NUC
    2022-07-24 16:14 - 2021-03-27 13:15 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Sky Go
    2022-07-23 12:14 - 2021-09-19 17:10 - 000001092 _____ C:\Users\Bob\Desktop\Sky Go.lnk
    2022-07-23 12:14 - 2021-03-27 13:15 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
    2022-07-20 20:02 - 2022-05-15 19:10 - 000000048 _____ C:\WINDOWS\SysWOW64\EUTB.TODK
    2022-07-19 15:50 - 2022-07-09 10:55 - 001081592 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxSup.sys
    2022-07-19 15:50 - 2021-03-21 16:47 - 000191184 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
    2022-07-19 10:22 - 2022-07-13 09:42 - 000000000 ____D C:\Users\Bob\Desktop\!Lynton
    2022-07-16 17:49 - 2022-01-23 14:18 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1182144281-2128924332-3640585907-1005
    2022-07-16 01:36 - 2021-03-20 12:59 - 000000000 ____D C:\Users\Bob\Desktop\!Concentric
    2022-07-15 13:48 - 2021-03-26 08:55 - 000000000 ____D C:\Users\Bob\AppData\Roaming\EurekaLog
    2022-07-15 01:21 - 2022-01-23 05:47 - 000000000 ____D C:\WINDOWS\en-GB
    2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
    2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2022-07-15 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents

    ==================== Files in the root of some directories ========

    2022-08-11 20:36 - 2019-12-07 10:10 - 000045984 ___SH (Microsoft Corporation) C:\Users\Bob\apjwu.exe
    2022-06-08 16:23 - 2022-06-08 16:23 - 000000032 _____ () C:\Users\Bob\AppData\Roaming\07_05_2014_XX
    2018-01-26 16:20 - 2018-01-26 16:20 - 001752576 _____ (Microsoft Corporation) C:\Users\Bob\AppData\Roaming\Nvidia.exe
    2021-03-23 14:19 - 2022-08-14 09:33 - 000010796 _____ () C:\Users\Bob\AppData\Roaming\Safer-Networking.log
    2022-03-10 23:26 - 2022-03-10 23:26 - 000049600 _____ (Microsoft Corporation) C:\Users\Bob\AppData\Roaming\servicemaster.exe
    2022-07-24 22:49 - 2022-08-14 10:06 - 000000128 _____ () C:\Users\Bob\AppData\Roaming\winscp.rnd
    2022-07-24 22:53 - 2022-07-24 22:55 - 000000128 _____ () C:\Users\Bob\AppData\Local\PUTTY.RND
    2022-08-13 10:41 - 2022-08-13 10:41 - 000005772 _____ () C:\Users\Bob\AppData\Local\recently-used.xbel
    2021-03-23 14:50 - 2021-04-30 16:11 - 000007652 _____ () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
    2021-06-15 16:28 - 2021-06-15 16:28 - 000000000 _____ () C:\Users\Bob\AppData\Local\{B932F81B-4F88-47CC-BBF4-A4F56A2EB52A}
    2021-06-15 16:26 - 2021-06-15 16:26 - 000000000 _____ () C:\Users\Bob\AppData\Local\{F46AC5EB-762E-4D0B-AF3F-B392544D1BAA}

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
    [/CODE] aswMBR.txt
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2022-08-14 11:14:07
    -----------------------------
    11:14:07.895 OS Version: Windows x64 6.2.9200
    11:14:07.903 Number of processors: 12 586 0x7100
    11:14:07.911 ComputerName: BOBS-RYZEN UserName: Bob
    11:14:07.925 Initialze error 1
    11:15:17.289 AVAST engine defs: 17030301
    11:15:39.583 The log file has been saved successfully to "D:\aswMBR\aswMBR.txt"




    Any help would be greatly appreciated to remove this nasty blighter!
    Thanks
    PS I am a 'Home' licensee!
    Bob
    Last edited by Juliet; 2022-08-14 at 17:55.

  2. #2
    Junior Member
    Join Date
    Sep 2017
    Posts
    3

    Default Sorted?

    After further investigation I think I found the culprit.

    APJWU.EXE

    There was a hidden and 'system' folder in my userprofile directory in which this was sat with a couple of other files. But looking at the taskmanger I'd say that this loaded first, then spawned another version of itself in my userprofile directory and then ran from that. A few minutes later the former burst into life and the latter disappeared. Even then the task manager was showing this file 'running' but there was no file on the HDD. The hidden folder ('iesqno') seemed to initiate the issue.

    Taskmgr_UKJCX5rVp2.png

    So I quickly ended both tasks and shredded the 'iesqno' folder.
    Fingers crossed

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,082

    Default

    Those were long logs to research, and we can do some tidy up.


    'Interweb Managed Antivirus Endpoint Master Service' (ManagedAntivirus) <== you download this?
    Spybot - Search & Destroy finds this and Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\Bob\AppData\Local\01kith2k.lhh\MasterService.exe;
    https://www.microsoft.com/en-us/wdsi...4&enterprise=0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator, just open it and let it wait)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::

    Start::
    CloseProcesses:
    CreateRestorePoint:
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
    CustomCLSID: HKU\S-1-5-21-1182144281-2128924332-3640585907-1001_Classes\CLSID\{FD848478-65F5-4F01-ACD9-69195EC3631F}\localserver32 -> "C:\Program Files\cFosSpeed\cfosspeed.exe" -ToastActivated => No File
    AlternateDataStreams: C:\ProgramData\TEMP:B0D4D817 [213]
    AlternateDataStreams: C:\Users\Public\DRM:[48] احتضان
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.reg: => <==== ATTENTION
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.bat: => <==== ATTENTION
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1001\Software\Classes\.cmd: => <==== ATTENTION
    FirewallRules: [UDP Query User{CF4198A7-B80F-4F38-8F3B-378D1EC55DB1}C:2\forzahorizon5.exe] => (Allow) C:2\forzahorizon5.exe => No File
    FirewallRules: [TCP Query User{E7237AAF-2B3E-4F21-8954-6A45FA32BEE0}C:2\forzahorizon5.exe] => (Allow) C:2\forzahorizon5.exe => No File
    FirewallRules: [{4285BF2B-814C-408A-9025-238082B986A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
    FirewallRules: [{D20AB119-6373-42B6-B7D0-CB0FCAB12031}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
    FirewallRules: [{9CA2861E-0E4D-44F9-AB3C-3D17F05B5848}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5032.exe => No File
    FirewallRules: [{04F9D5C7-57E4-4B19-9522-9A93BAA6A578}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5032.exe => No File
    FirewallRules: [{7FA052FE-C5A5-4B88-9A49-EA3FD0D5A5A4}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5064.exe => No File
    FirewallRules: [{78AAA5FA-E70D-4E0D-9933-1FAAD72E0B70}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN5064.exe => No File
    FirewallRules: [{ADD92530-E5CB-4D6C-B8BE-3FEA14DEBE14}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe => No File
    FirewallRules: [{DDE6CE52-9F30-4CE2-A6B7-275BA49D29D2}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe => No File
    FirewallRules: [{A078ECAE-0237-46C5-8E09-0216E44B6E3C}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe => No File
    FirewallRules: [{D11DDA8C-291D-4456-83FB-537BDE67D0AF}] => (Block) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe => No File
    FirewallRules: [{8F354961-D964-41E9-A47F-A21858D14DBB}] => (Block) C:\Program Files (x86)\DisplayFusion\unins000.exe => No File
    FirewallRules: [{FB1298C0-8189-4D6D-9503-58A7BAC457C1}] => (Block) C:\Program Files (x86)\DisplayFusion\unins000.exe => No File
    FirewallRules: [TCP Query User{5B29A39D-F18C-4AD5-A039-5F071753EB91}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [UDP Query User{E98D3FF4-3001-4417-8429-42701FD27CBD}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [TCP Query User{5B84AB25-DE16-4FD6-B5D6-436A345C5099}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => No File
    FirewallRules: [UDP Query User{F47F4BBA-597B-4087-B846-320DD9953790}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => No File
    FirewallRules: [TCP Query User{2BF313DD-626F-480F-9361-0205BE3ABCA3}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => No File
    FirewallRules: [UDP Query User{79911674-88D9-4C33-BD44-CC7A96F1A0A1}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => No File
    FirewallRules: [TCP Query User{65171673-A781-4301-933B-05D55A523348}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => No File
    FirewallRules: [UDP Query User{125BF98B-0375-4900-8356-410265F2FA58}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => No File
    FirewallRules: [TCP Query User{62CFBA62-6DF7-4F15-8BDD-06DED3BFC74F}C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe => No File
    FirewallRules: [UDP Query User{95BACF11-F3D8-4FA1-8479-5D82C9EBE517}C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\adobe cef helper.exe => No File
    FirewallRules: [{400AC16F-F4ED-4F43-8CCE-0104D390A749}] => (Allow) C:\Users\Bob\AppData\Local\Programs\Opera\89.0.4447.91\opera.exe => No File
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [GoogleDriveFS] => "C:\Program Files\Google\Drive File Stream\54.0.3.0\GoogleDriveFS.exe" --startup_mode (No File)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-1004\...\Run: [Fences] => "c:\program files (x86)\stardock\fences\Fences.exe" /startup (No File)
    HKU\S-1-5-21-1182144281-2128924332-3640585907-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe --startup_mode (No File)
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    Task: {6A1E6600-AA29-4F0A-BE22-29F1A484771E} - System32\Tasks\Disable_Wake => "C:\Users\Bob\Google Drive\Disable_Wake.cmd" (No File)
    Task: {6C496493-7417-4A79-B1C2-7AFE38FE5237} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat (No File)
    Task: {765690B6-F6FE-4E2F-82ED-E6B19F99A452} - System32\Tasks\Opera scheduled Autoupdate 1660301580 => C:\Users\Bob\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
    Task: {A2971177-B9E6-42F5-9F34-8A44775EB5BF} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_Monitor (No File)
    Task: {A5F3D623-6A86-47A1-B637-E126039361C3} - System32\Tasks\EVGAPrecisionX => C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe (No File)
    Task: {AECCF170-95CE-4BC6-9759-3AB67E2635DF} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_DisplayID (No File)
    Task: {F984F90B-3740-4420-8F4B-E3AB53B60E45} - System32\Tasks\Enable Wake => "C:\Users\Bob\Google Drive\Enable_Wake.cmd" (No File)
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2022-08-14] <==== ATTENTION (Points to *.cfg file)
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Profile2 [2022-08-12] <==== ATTENTION
    R3 ALSysIO; C:\Users\Bob\AppData\Local\Temp\ALSysIO64.sys [47240 2022-08-14] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
    S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
    U4 npcap_wifi; no ImagePath
    CMD: netsh int ip reset
    CMD: ipconfig /flushDNS
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Malwarebytes AdwCleaner

    -------------------
    • Please download AdwCleaner and save it to your Desktop
    • Close all open programs and browsers
    • Right click on the icon and select Run as administrator
    • Click Scan now
    • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    • When completed click View Scan Log File
    • Copy and paste the contents in your reply
    • Click Skip Basic Repair if it appears then close the program

    ===================================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • slick the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Please post these 3 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,082

    Default

    Glad we could help, this topic is closed.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •