Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


virus detected on windows defender


Re: virus detected on windows defender

Post by jwdo » April 28th, 2024, 7:20 pm

And here is the SearchReg.txt:
Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by Dave (28-04-2024 16:08:50)
Running from C:\Users\Dave\Desktop
Boot Mode: Normal

================== Search Registry: "OfferCore;PUABundler;PiriformBundler;PUIDIManager" ===========


===================== Search result for "OfferCore" ==========

[HKEY_USERS\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Microsoft\Office\12.0\Word\File MRU]
"Item 44"="[F00000000][T01DA945021DD80B0]*C:\Users\Dave\Documents\How to Remove the PUADlManager(colonWin32(forward Slash)OfferCore.docx"

[HKEY_USERS\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{9DF8ACC3-78A7-4079-9912-93586746B3DD}]
"FilePath"="\\?\Volume{3F368316-D45D-11E8-8B54-806E6F6E6963}\Users\Dave\Documents\How to Remove PUADIManager_Win32_OfferCore_ [ Easy Tutorial ].mp4"

[HKEY_USERS\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe\PersistedStorageItemTable\MostRecentlyUsed\{8F62AC30-65B3-4A39-A3E6-0BC9AF2F9B27}]
"FilePath"="\\?\Volume{3F368316-D45D-11E8-8B54-806E6F6E6963}\Users\Dave\Documents\How to Remove PUADIManager_Win32_OfferCore_ [ Easy Tutorial ].mp4"


===================== Search result for "PUABundler" ==========


===================== Search result for "PiriformBundler" ==========


===================== Search result for "PUIDIManager" ==========

====== End of Search ======
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Post by pgmigg » April 29th, 2024, 12:06 am

Thank you, jwdo, great job!

Right now please do the following:

  1. Open File Explorer, then on the View menu at the top, temporarily turn on 'Hidden Items'.
  2. Navigate to this folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
  3. Delete completely the contents of that Service folder.
  4. Close File Explorer.
  5. Open Windows Defender and select the option to perform an offline scan - your PC will restart to perform that scan.
  6. Then check if that malware list is clear.

Please let me know the result of this action in your next reply.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5491
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Post by jwdo » April 30th, 2024, 10:57 am

Well I tried deleting the files in the Service folder, but my computer wouldn't do it. It kept saying that I need SYSTEM permission to delete the files even though I am the administrator. I also ran the windows defender offline scanner, but nothing has changed. I don't know how to obtain system permission. Malware is still there.
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Post by pgmigg » April 30th, 2024, 11:59 pm

jwdo wrote: It kept saying that I need SYSTEM permission to delete the files even though I am the administrator.
Yes, that is true, and we need to take a few additional steps to resolve this issue.
My decision of what to do next will depend on the list of files you have in that directory. Please do the following:

Get listing of files
  1. Click Start, then in the Search programs and files box type Notepad, then hit Enter.
    This will open an empty Notepad file.
  2. Copy/Paste the contents of the box below into Notepad. (Don't include Code: Select All ).
    Code: Select all
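    @echo off
    rem Write a listing of the Defender scan-history folder to log.txt on the Desktop
    dir "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service" > "%userprofile%\Desktop\log.txt"
    rem Show the listing; the script waits here until Notepad is closed
    notepad.exe "%userprofile%\Desktop\log.txt"
    rem Clean up: delete the log and then this script itself
    del "%userprofile%\Desktop\log.txt"
    del "%~f0"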
    
  3. Click Format and ensure Wordwrap is unchecked.
  4. Save as Export.bat
  5. Save as file type All Files or it won't work.
  6. Now double click on Export.bat to run it.
  7. A file log.txt will open on your Desktop, please post the contents in your next reply.
Please note ... when you close log.txt both it and Export.bat will be deleted.

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5491
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Post by jwdo » May 1st, 2024, 10:42 am

Here is the log.txt:
Volume in drive C has no label.
Volume Serial Number is 9078-0356

Directory of C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service

08/03/2021 03:12 PM <DIR> .
08/03/2021 03:12 PM <DIR> ..
04/23/2024 10:00 AM <DIR> DetectionHistory
04/30/2024 02:38 PM 298 Detections.log
04/30/2024 12:23 PM 78 History.Log
04/28/2024 03:34 PM 2,188 Unknown.Log
3 File(s) 2,564 bytes
3 Dir(s) 604,363,223,040 bytes free
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Post by pgmigg » May 1st, 2024, 2:50 pm

Very well, jwdo!

Let's continue...

Deal with permissions and files.
  1. Open an Elevated Command Prompt.
    1. In the System Tray, click Start or the magnifying glass icon.
    2. Type cmd in the search box.
    3. Right click on Command Prompt application (at top) and in the list of options please select and click on "Run as administrator...".
    4. The Elevated Command Prompt opens to C:\Windows\System32>
  2. Take ownership of directory and contents.
    1. Copy/Paste the contents of the box below into opened Elevated Command Prompt. (Don't include Code: Select All).
      Note: To Paste it, please right-click on the beginning of prompt and select Paste.
      Code: Select all
      takeown /f "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service" /r
      
    2. Press Enter and be patient... action will take a while!
  3. Grant yourself full control for directory, including subdirs.
    1. Copy/Paste the contents of the box below into opened Elevated Command Prompt. (Don't include Code: Select All).
      Note: To Paste it, please right-click on the beginning of prompt and select Paste.
      Code: Select all
      icacls "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service" /grant "%USERDOMAIN%\%USERNAME%":(F) /t
      
    2. Press Enter and wait until it's over!
  4. Make your changes.
    1. Open File Explorer, then on the View menu at the top, temporarily turn on 'Hidden Items'.
    2. Navigate to this folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
    3. Delete completely the contents of that Service folder.
    4. Close File Explorer.
  5. Change ownership back.
    1. Copy/Paste the contents of the box below into opened Elevated Command Prompt. (Don't include Code: Select All).
      Note: To Paste it, please right-click on the beginning of prompt and select Paste.
      Code: Select all
      icacls "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service" /setowner "NT SERVICE\TrustedInstaller" /t
      
    2. Press Enter and wait until it's over!
    3. Close Elevated Command Prompt.
  6. Windows Defender offline scan.
    1. Open Windows Defender and select the option to perform an offline scan - your PC will restart to perform that scan.
    2. Then check if that malware list is clear.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Result of Windows Defender offline scan.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5491
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
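
Added example, not part of the original post or thread: a read-only PowerShell check to run from an elevated PowerShell window after steps 2 to 5 of the post above. It reports any item in the Service folder whose owner is not the one restored in step 5, or that still carries the explicit full-control entry granted in step 3. The function name is hypothetical; the path and the expected owner are the ones given in the post.

```powershell
# Added example, not from the thread. Read-only: it changes no owner or permission.
# Get-ServiceFolderAclReport is a hypothetical name; the path and the expected
# owner are the ones used in the post's takeown / icacls commands.
function Get-ServiceFolderAclReport {
    param(
        [string]$Path = 'C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service',
        [string]$ExpectedOwner = 'NT SERVICE\TrustedInstaller',
        # Same account that "%USERDOMAIN%\%USERNAME%" expands to in the /grant step
        [string]$Account = "$env:USERDOMAIN\$env:USERNAME"
    )

    # The folder itself, then everything below it (-Force includes hidden items)
    $items = @(Get-Item -LiteralPath $Path -Force -ErrorAction Stop)
    $items += @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        }
        catch {
            # The security descriptor could not be read (for example "Access is denied")
            [pscustomobject]@{
                Path          = $item.FullName
                Owner         = $null
                OwnerOk       = $false
                ExplicitGrant = $null
                Note          = $_.Exception.Message
            }
            continue
        }

        # Explicit (non-inherited) Allow entries for the account used in the /grant step
        $grants = @($acl.Access | Where-Object {
            -not $_.IsInherited -and
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -eq $Account
        })

        [pscustomobject]@{
            Path          = $item.FullName
            Owner         = $acl.Owner
            OwnerOk       = ($acl.Owner -eq $ExpectedOwner)
            ExplicitGrant = ($grants.FileSystemRights -join '; ')
            Note          = ''
        }
    }
}

# Show only deviations: wrong owner, leftover explicit grant, or unreadable ACL
Get-ServiceFolderAclReport |
    Where-Object { -not $_.OwnerOk -or $_.ExplicitGrant } |
    Format-Table -AutoSize -Wrap
```

An empty result means every item is owned by the expected account and has no explicit entry for your user. A leftover entry from the /grant step can be withdrawn from the elevated Command Prompt with icacls "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service" /remove:g "%USERDOMAIN%\%USERNAME%" /t.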

Re: virus detected on windows defender

Post by jwdo » May 1st, 2024, 5:05 pm

When I copied and pasted the string in letter B, I got the message ERROR: Access is denied. I did not include code. Should I skip B and go to C?
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Post by pgmigg » May 1st, 2024, 10:10 pm

I don't think that C will work (probably you will get the same warning message), but please try to skip B and go to C and other steps after - we never quite know... :)
pgmigg
Admin/Teacher
 
Posts: 5491
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Post by jwdo » May 2nd, 2024, 11:23 am

You're right, Access is denied on C as well. I did run CMD as administrator and I tried copying the string after the prompt > then I tried hitting the space bar once and recopying the string. Both attempts were access is denied. Do I have an unsolvable problem?
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Post by pgmigg » May 2nd, 2024, 11:37 am

jwdo wrote: ... I tried copying the string after the prompt > then I tried hitting the space bar once and recopying the string.
I don't understand why you pressed the spacebar after ">" - there are two ways to paste copied information into a line - the option I described with the mouse and the trivial Ctrl-V.

jwdo wrote: Do I have an unsolvable problem?
No, that's not true, I just need some extra time to think...
Then a new sequence of instructions will arise (perhaps more than one) and, in the end, we will cope with the problem together.
pgmigg
Admin/Teacher
 
Posts: 5491
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Post by jwdo » May 2nd, 2024, 3:55 pm

Great, thanks. I've already learned a lot by all your posting.
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Post by pgmigg » May 2nd, 2024, 11:33 pm

jwdo wrote: I've already learned a lot by all your posting.
You are very welcome, jwdo!

Let's continue our treatment...

Using Safe Mode...
  1. Please close all open programs and windows.
  2. Go to Start > Settings > Update & Security > Recovery.
  3. Click the Restart Now button under the Advanced startup section.
  4. You will enter Windows RE mode.
  5. Go to Troubleshoot > Advanced options > Startup Settings > Restart.
  6. Press the F4 key to enter Windows 10 Safe Mode, then wait for a while...
  7. Log in to your computer as usual, but be ready for the opened Desktop to look unusual, as if with larger icons and fonts - this is normal for Safe Mode.
  8. Open File Explorer, then on the View menu at the top, temporarily turn on 'Hidden Items'.
  9. Navigate to this folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
  10. Delete completely the contents of that Service folder.
  11. Close File Explorer.
  12. Restart your computer in the usual way - don't be surprised, this process may take longer than usual.
  13. Open Windows Defender and select the option to perform an offline scan - your PC will restart to perform that scan.
  14. Then check if that malware list is clear.

Note: Please print out all the steps above before starting to execute them - in Safe Mode you will not have an Internet connection, access to a printer and other useful things!

Please let me know the result of this action in your next reply.
Don't be upset if it doesn't work this time too - this is not the last way to get rid of your infection.

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5491
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Post by jwdo » May 3rd, 2024, 6:24 pm

You are a genius. My malware is all gone. I can't believe you helped me do this. Thank you, Thank you, Thank you. This website is fantastic!!!
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm

Re: virus detected on windows defender

Post by pgmigg » May 3rd, 2024, 7:50 pm

Hello, jwdo!

Thanks a lot for your compliments, and I am glad to know that this malware is all gone - you are very welcome! :D

But we are not finished yet - right now I need to clean all related stuff which has repeatedly returned after we destroyed it. Now that the cause has disappeared, it is necessary to remove the consequences.

Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that the Addition.txt check box under the Optional Scan section is checked.
  5. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  6. Please post the contents of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Don't post anything as attachments unless I specifically ask you to!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the FRST.txt log file after fresh FRST scan
  3. Contents of the Addition.txt log file after fresh FRST scan
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5491
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: virus detected on windows defender

Post by jwdo » May 3rd, 2024, 8:43 pm

Ok, here is FRST.txt:
Task: {BB6E729F-9653-43F8-A5FB-02FD38E777E6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {92CEC713-5199-4946-9AAE-F610BD442836} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {5F36ADB3-20A9-454D-ADCD-E39E74EF675B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {9C61194E-54BF-4AE0-9FDA-39876A1DB0DF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {8190DCFC-256D-438E-98A5-9F1745933597} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {338ECEFE-E0EA-455E-9234-F71F36E78584} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {BDA8A301-B92B-492B-BAD2-75488FF18606} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {9369BBC8-4A57-4A67-A10B-1FE6A1A2C1C2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {500A976C-603C-42CF-91A0-2CE8A08066AA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F7CFD29-316A-4055-8288-33DE28F4A258} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {9ACB4B99-6459-4C3C-BC4C-53C4EAA21893} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {73ACFD01-D105-4D4F-9290-7DA6C7675159} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {EE0FE736-87AF-4B80-8DE9-FACC26A64EBE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {507785E3-6B72-4CF6-9AD5-BB36AA807E06} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34807CC3-8BD0-455F-A2D5-EEE6C14E770C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B06297C-4AD8-4FB2-BFC4-739AAAC9BE2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Update => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0481C891-69DB-4BE1-B215-CB75542F2DB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8FBF4108-1525-4D9D-AF78-22962B0BB15F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-11-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {177F6B9F-5D04-4E03-8C05-6624740BFD3C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-11-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {41ED38DF-BB53-494A-8034-49AA0AB13C30} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {777492D2-6149-4DE1-8A08-83EF445583E6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FFD823A-65CC-4D8C-A94D-5D747D65F82B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {20D17AF5-8FEF-4EE6-8848-BAFA6276989A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97E1C190-5DAA-40C3-9A62-3EB64613831C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {09021979-FAC0-4FF5-BBA0-05B0960506E0} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B694463C-A27B-4A9F-974E-5DF2DE13C6AD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {753BC523-A924-4E65-BFA2-0D2B75CDD1DF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FC122B3-712B-471F-AD11-D1C9E8C132E6} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5CDD4E97-AB3F-465C-A3F3-AE1D03CB1770} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4182419237-4015324695-3907471336-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {2E2132F2-F3AA-41A9-AA06-8744A399C049} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4182419237-4015324695-3907471336-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {8A36A838-4160-4129-A7F0-B6946B94849F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {65659F3C-E07D-400C-B2B6-DFA494F0AA60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B7AABF2A-BE29-4D72-B944-8833FF3ACA28} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {EAA67B9E-D7F7-4480-A88A-00F260B75845} - System32\Tasks\Software Update => C:\Program Files (x86)\Glarysoft\Software Update\Software Update.exe [1023384 2023-11-28] (Glarysoft Ltd -> Glarysoft Ltd)
Task: {1DBF6FE4-3581-4937-98B4-934241C099D7} - System32\Tasks\Systweak Software Updater AppUpdate Scheduler => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe updatecheck (No File)
Task: {8A55307B-7731-448F-9DF9-73F3846F20D7} - System32\Tasks\Systweak Software Updater DBUpdate Scheduler => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe SSU_DBUpdate (No File)
Task: {B010E9C5-7CFC-4E16-A2ED-5E57EE95942A} - System32\Tasks\Systweak Software Updater Notifier => C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe ssu_notifiernag (No File)
Task: {1BE79A07-E15B-43A2-B073-2A8C4961274F} - System32\Tasks\Systweak Software UpdaterNotifier => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe neweventtrigger (No File)
Task: {8E3D182C-B0C2-41BD-B072-41360EE178FC} - System32\Tasks\Systweak Software UpdaterNotifier_startup => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe startup (No File)
Task: {E8412613-E2EB-40DC-9CE4-89E79A23B3E6} - System32\Tasks\Systweak Software UpdaterNotifier_trigger => C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe startup neweventtrigger (No File)
Task: {11B453D6-C9BA-4031-94DE-1AE4AB4FD297} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [18164424 2023-04-20] (INNOVATIVE SOLUTIONS GRUP SRL -> Innovative Solutions GRUP SRL) -> C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\\-AUSCAN

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}: [DhcpDomain] home
Tcpip\..\Interfaces\{adc4a8a3-7941-4ef7-a488-dc84f6088265}\44166756: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EB5A33E1-62AA-4BF6-9C6D-6E67CAAB6B05}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB5A33E1-62AA-4BF6-9C6D-6E67CAAB6B05}: [DhcpDomain] home

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-03]
Edge Notifications: Default -> hxxps://djst.org
Edge HomePage: Default -> hxxp://google.com/
Edge StartupUrls: Default -> "hxxp://google.com/"
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-27]
Edge Extension: (Eno® from Capital One®) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2024-04-04]
Edge Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-01]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-11]
Edge Extension: (WOT Website Security & Privacy Protection) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iiclaphjclecagpkkaacljnpcppnoibi [2023-01-05]
Edge Extension: (Chrome Remote Desktop) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-01-05]
Edge Extension: (Edge relevant text changes) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]
Edge Extension: (Capital One Shopping: Save Now) - C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2024-04-23]
Edge Profile: C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2024-03-21]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: rvkvazm3.default-1674403214688
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\rvkvazm3.default-1674403214688 [2024-04-27]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-04-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2024-04-25]
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-23]
CHR Extension: (Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-23]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-23]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-23]
CHR Extension: (Sheets) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-26]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-26]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-04-25]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-05-03]
CHR Notifications: Profile 1 -> hxxps://www.hp.com; hxxps://www.youtube.com
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxp://google.com/"
CHR Extension: (WOT: Website Security & Safety Checker) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2024-04-14]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-04-01]
CHR Extension: (Foxit PDF Creator) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-09-26]
CHR Extension: (Eno® from Capital One®) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2024-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-07]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\System Profile [2024-04-25]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dave\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-4182419237-4015324695-3907471336-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-11-09] (Apple Inc. -> Apple Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe [74016 2024-03-26] (Google LLC -> Google LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-10] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-05-01] (Dropbox, Inc -> Dropbox, Inc.)
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-25] (voidtools -> voidtools)
S3 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe [2366048 2023-04-17] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2438128 2023-11-11] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 GoogleUpdaterInternalService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-07] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe [1274992 2023-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [829208 2024-03-14] (Plex, Inc. -> Plex, Inc.)
R2 Realtek92SU; C:\Program Files (x86)\Airlink101\Airlink101 WLAN Monitor\RtlService.exe [40960 2009-02-05] (Realtek) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2737016 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4588408 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Dave\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2023-11-06] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2023-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2023-11-06] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2020-10-13] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49664 2022-07-15] (Microsoft Corporation) [File not signed]
R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-03 17:27 - 2024-05-03 17:30 - 000049875 _____ C:\Users\Dave\Desktop\FRST.txt
2024-05-03 15:10 - 2024-05-03 15:14 - 000260802 _____ C:\WINDOWS\ntbtlog.txt
2024-05-02 14:08 - 2024-05-02 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-05-02 08:25 - 2024-05-02 08:25 - 002289580 _____ C:\Users\Dave\Downloads\wp_E_202407 (1)c.pdf
2024-05-01 23:33 - 2024-05-01 23:33 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-04-30 16:38 - 2024-04-30 16:38 - 000000000 ___HD C:\$WinREAgent
2024-04-30 12:53 - 2024-04-30 12:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-04-29 15:10 - 2024-05-03 15:14 - 118226944 _____ C:\WINDOWS\system32\config\SOFTWARE
2024-04-29 14:57 - 2024-04-29 15:10 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-04-29 14:23 - 2024-04-29 14:23 - 000000424 __RSH C:\ProgramData\ntuser.pol
2024-04-27 19:16 - 2024-04-28 08:10 - 000001418 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-04-27 19:16 - 2024-04-27 19:16 - 000000000 ____D C:\Users\Dave\AppData\Local\ESET
2024-04-27 19:06 - 2024-04-27 19:08 - 000000000 ____D C:\AdwCleaner
2024-04-27 07:14 - 2024-04-27 07:14 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-04-26 08:47 - 2024-04-26 08:47 - 001609850 _____ C:\Users\Dave\Documents\bookmarks_4_26_24.html
2024-04-23 14:19 - 2024-04-22 16:48 - 002394112 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2024-04-23 14:03 - 2024-05-03 17:29 - 000000000 ____D C:\FRST
2024-04-22 08:14 - 2024-04-22 08:14 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4182419237-4015324695-3907471336-500
2024-04-22 08:13 - 2024-04-22 08:14 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4182419237-4015324695-3907471336-500
2024-04-22 08:13 - 2024-04-22 08:14 - 000002424 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2024-04-22 08:11 - 2024-04-22 08:11 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-04-22 08:10 - 2024-04-22 08:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-04-22 08:07 - 2024-04-22 08:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2024-04-22 08:06 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2024-04-22 08:06 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\ansel
2024-04-22 08:05 - 2024-04-22 08:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2024-04-22 08:05 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\Malwarebytes
2024-04-22 08:05 - 2024-04-22 08:05 - 000002348 _____ C:\Users\Administrator\Desktop\Microsoft Edge.lnk
2024-04-22 08:05 - 2024-04-22 08:05 - 000002332 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ___RD C:\Users\Administrator\3D Objects
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\NVIDIA
2024-04-22 08:05 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2024-04-22 08:04 - 2024-04-27 07:14 - 000002008 _____ C:\Users\Administrator\Desktop\Google Slides.lnk
2024-04-22 08:04 - 2024-04-27 07:14 - 000002008 _____ C:\Users\Administrator\Desktop\Google Sheets.lnk
2024-04-22 08:04 - 2024-04-27 07:14 - 000001996 _____ C:\Users\Administrator\Desktop\Google Docs.lnk
2024-04-22 08:04 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
2024-04-22 08:04 - 2024-04-22 08:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2024-04-22 08:04 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2024-04-22 08:04 - 2024-04-22 08:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2024-04-22 08:04 - 2024-04-22 08:04 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Protect
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Vault
2024-04-22 08:04 - 2024-04-22 08:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2024-04-22 08:04 - 2021-06-20 17:47 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Network
2024-04-22 08:04 - 2018-10-23 13:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2024-04-22 08:04 - 2009-07-14 00:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2024-04-22 08:03 - 2024-04-25 20:06 - 000000000 ____D C:\Users\Administrator
2024-04-22 08:03 - 2024-04-22 08:13 - 000000000 ___RD C:\Users\Administrator\OneDrive
2024-04-21 18:30 - 2024-05-03 15:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-21 10:30 - 2023-06-07 07:38 - 000455008 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20240421-103051.backup
2024-04-19 13:04 - 2024-04-19 13:12 - 000000000 ____D C:\Users\Dave\Downloads\Operating Systems
2024-04-19 11:57 - 2024-04-19 12:50 - 000000000 ____D C:\Users\Dave\Downloads\Virtual Machine
2024-04-19 11:04 - 2024-04-19 11:04 - 000000000 ____D C:\ProgramData\obs-studio-hook
2024-04-19 11:04 - 2024-04-19 11:04 - 000000000 ____D C:\ProgramData\obs-studio
2024-04-19 11:03 - 2024-04-19 11:05 - 000000000 ____D C:\Users\Dave\AppData\Roaming\obs-studio
2024-04-18 08:38 - 2024-04-19 12:52 - 000000000 ____D C:\Users\Dave\Documents\Medical
2024-04-18 08:06 - 2024-04-18 08:06 - 001719622 _____ C:\Users\Dave\Downloads\ws_E_202407c.pdf
2024-04-11 09:18 - 2024-04-11 09:18 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-11 09:17 - 2024-04-11 09:17 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-08 08:32 - 2024-04-19 14:56 - 000000000 ____D C:\Users\Dave\Documents\Z Payments

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-03 17:22 - 2018-10-20 01:48 - 000000000 ___SD C:\Users\Dave\AppData\Roaming\Microsoft\Credentials
2024-05-03 17:21 - 2021-06-20 17:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-05-03 15:31 - 2021-06-21 12:39 - 000000000 ____D C:\Users\Dave\AppData\Roaming\FreeFileSync
2024-05-03 15:29 - 2018-10-21 14:12 - 000000000 ___RD C:\Users\Dave\Dropbox
2024-05-03 15:29 - 2018-10-21 14:08 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Dropbox
2024-05-03 15:29 - 2018-10-21 14:01 - 000000000 ____D C:\Users\Dave\AppData\Local\Dropbox
2024-05-03 15:23 - 2021-06-20 17:41 - 000801452 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-03 15:23 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2024-05-03 15:23 - 2018-10-19 17:13 - 000000000 ____D C:\ProgramData\NVIDIA
2024-05-03 15:18 - 2020-04-20 21:04 - 000000000 ___RD C:\Users\Dave\Google Drive
2024-05-03 15:18 - 2018-12-13 17:39 - 000000000 ____D C:\Users\Dave\AppData\Local\Plex Media Server
2024-05-03 15:17 - 2023-05-09 16:15 - 000000000 ____D C:\Users\Dave\AppData\Local\Malwarebytes
2024-05-03 15:16 - 2022-07-08 12:34 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-05-03 15:16 - 2021-06-20 17:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-03 15:16 - 2021-06-20 17:35 - 000008192 ___SH C:\DumpStack.log.tmp
2024-05-03 15:16 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-03 15:14 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-05-03 15:08 - 2018-10-22 15:59 - 000000000 ____D C:\Users\Dave\AppData\Local\Everything
2024-05-03 15:08 - 2018-10-22 15:37 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Everything
2024-05-03 15:05 - 2023-06-08 16:00 - 000000000 _____ C:\Users\Dave\Documents\HPSmartPrintingPort
2024-05-03 13:00 - 2021-12-17 10:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-03 12:05 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-03 12:05 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-03 08:53 - 2018-10-23 19:30 - 000000000 ____D C:\Users\Dave\AppData\Roaming\WinX YouTube Downloader
2024-05-03 08:52 - 2019-06-19 22:22 - 000000000 ____D C:\Users\Dave\.cache
2024-05-03 08:15 - 2018-10-23 12:31 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-02 14:09 - 2018-10-21 14:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-05-02 14:08 - 2018-10-23 12:51 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Word
2024-05-02 08:46 - 2018-10-25 16:39 - 000000000 ____D C:\Users\Dave\Documents\Passwords
2024-05-02 08:41 - 2021-06-20 17:36 - 000458168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-02 08:36 - 2019-12-07 02:54 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-05-02 08:36 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-05-02 08:36 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-05-02 08:36 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-02 08:36 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-05-02 08:36 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-02 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-02 08:36 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2024-05-02 08:27 - 2020-09-03 07:53 - 000000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2024-05-01 08:30 - 2018-10-21 10:36 - 000000000 ____D C:\Users\Dave\Downloads\Uninstallers
2024-05-01 07:58 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-01 07:33 - 2021-06-20 17:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-30 16:01 - 2018-12-23 10:45 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Excel
2024-04-30 14:18 - 2018-10-25 10:58 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-04-29 16:00 - 2021-07-31 13:59 - 000000000 ____D C:\Users\Dave\Documents\Test Folder
2024-04-29 13:48 - 2009-07-13 20:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-04-28 08:12 - 2018-10-25 10:26 - 000000000 ____D C:\Users\Dave\Desktop\Virus and Spyware
2024-04-27 21:05 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\backupwindowskey
2024-04-27 19:14 - 2018-10-21 10:36 - 000000000 ____D C:\Users\Dave\Downloads\Virus and Spyware Removal Tools
2024-04-27 19:08 - 2023-05-09 13:05 - 000000000 ____D C:\Users\Dave\AppData\Roaming\IObit
2024-04-27 16:47 - 2022-03-15 08:13 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Temp
2024-04-27 16:32 - 2021-06-20 17:42 - 000000000 ____D C:\Users\Dave
2024-04-27 11:06 - 2021-07-20 13:29 - 000003810 _____ C:\WINDOWS\system32\Tasks\UninstallMonitor
2024-04-27 07:14 - 2021-09-20 18:54 - 000002008 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-04-27 07:14 - 2021-09-20 18:54 - 000002008 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-04-27 07:14 - 2021-09-20 18:54 - 000001996 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-04-25 19:59 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2024-04-25 19:51 - 2019-01-02 14:34 - 000000000 ____D C:\Program Files (x86)\NirSoft
2024-04-23 11:08 - 2018-10-21 10:34 - 000000000 ____D C:\Users\Dave\Downloads\FixWindows Media Player
2024-04-22 16:36 - 2018-10-25 16:47 - 000000000 ____D C:\Users\Dave\Documents\Computer
2024-04-22 16:25 - 2018-10-21 10:35 - 000000000 ____D C:\Users\Dave\Downloads\Software analyzer_Updater
2024-04-22 16:25 - 2018-10-21 10:34 - 000000000 ____D C:\Users\Dave\Downloads\Anti-Keyloggers
2024-04-22 15:46 - 2018-10-25 10:23 - 000000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2024-04-22 14:24 - 2018-10-25 16:52 - 000000000 ____D C:\Users\Dave\Documents\Health
2024-04-22 08:05 - 2021-06-20 17:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-04-21 18:52 - 2022-11-26 10:45 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-21 18:51 - 2019-01-02 15:29 - 000000000 ____D C:\WINDOWS\pss
2024-04-21 18:29 - 2021-01-29 11:03 - 000000000 ____D C:\Program Files\CCleaner
2024-04-21 11:41 - 2021-06-23 08:11 - 000000000 ____D C:\Users\Dave\AppData\Local\D3DSCache
2024-04-21 11:40 - 2022-11-26 10:45 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-04-21 11:39 - 2021-06-20 17:52 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-04-21 11:36 - 2018-10-25 10:28 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2024-04-21 08:40 - 2018-10-25 10:33 - 000000000 ____D C:\ProgramData\TEMP
2024-04-21 08:39 - 2018-10-25 10:33 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2024-04-20 15:38 - 2018-10-21 10:36 - 000000000 ____D C:\Users\Dave\Downloads\Word Processers
2024-04-19 16:09 - 2018-10-21 10:35 - 000000000 ____D C:\Users\Dave\Downloads\Screen capture & recording programs
2024-04-19 13:09 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Files -Folders
2024-04-19 10:18 - 2021-05-15 13:38 - 000000000 ___RD C:\Users\Dave\OneDrive
2024-04-19 09:39 - 2018-12-31 13:08 - 000000000 ___RD C:\Users\Dave\Desktop\Computer Analyzers
2024-04-19 09:38 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Computer Analyzers
2024-04-14 12:12 - 2021-06-20 17:52 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-12 03:23 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-11 10:36 - 2023-12-13 13:37 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-11 10:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-10 17:21 - 2023-03-23 07:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-10 17:21 - 2018-10-23 16:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-10 10:42 - 2023-10-08 07:47 - 000022693 _____ C:\Users\Dave\Downloads\PH Territory # 61.xlsx
2024-04-10 09:39 - 2018-10-19 17:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-10 09:32 - 2018-10-19 17:12 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-10 08:33 - 2021-06-20 17:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-09 21:07 - 2018-10-25 16:42 - 000000000 ____D C:\Users\Dave\Documents\A Theocratic Items
2024-04-08 12:03 - 2021-06-21 12:39 - 000000000 ____D C:\Program Files\FreeFileSync
2024-04-08 12:02 - 2018-10-21 10:33 - 000000000 ____D C:\Users\Dave\Downloads\Backup and Cloud Software
2024-04-03 19:04 - 2021-06-20 17:52 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-03 19:04 - 2021-06-20 17:52 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2019-07-26 12:46 - 2020-03-21 15:28 - 001178624 _____ (CPUID) C:\Users\Dave\AppData\Roaming\siw_sdk.dll
2022-07-31 07:32 - 2022-07-31 07:32 - 000000423 _____ () C:\Users\Dave\AppData\Roaming\u_data.lgvnx
2022-09-28 09:11 - 2022-09-28 09:11 - 000004096 ____H () C:\Users\Dave\AppData\Local\keyfile3.drm
2021-03-29 18:12 - 2021-03-29 18:12 - 000000017 _____ () C:\Users\Dave\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
jwdo
Regular Member
 
Posts: 36
Joined: February 8th, 2011, 7:18 pm