McAfee identified Trojan:PDF/Dropper.YA in PDF file saved on my computer


21 replies to this topic

#1 SMS18

Posted 27 February 2024 - 03:21 PM

McAfee identified Trojan:PDF/Dropper.YA in PDF file and quarantined it.
 
McAfee firewall is enabled.
 
I scan my computer every night with Defender and every midday with McAfee. Defender showed no threats this morning; however, when McAfee had completed its midday scan, it listed one quarantined threat: Trojan:PDF/Dropper.YA. It was located in "C:\Users\sms\Desktop\FONTS AND GRAPHICS\FONTS all verified" (a folder I use to hold licenses for fonts I've installed on my computer). The license that is quarantined is a PDF for Honey Script Font Family, which I don't recall using recently.
 
I had a false positive last month (Dennis helped me determine this), and since I've barely used my computer the past few days and not used the Honey Script Font, I hope this is another false positive. To be safe, I've completed the steps for submitting FRST logs. They follow.
 
Thank you in advance. Up until last month, I've had only a couple of issues like this in many years. I want to ensure my system is clean. I am grateful for your help.

------------------
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by sms (administrator) on DESKTOP-GDKJL4J (HP HP Pavilion Desktop PC 570-p0XX) (27-02-2024 13:44:06)
Running from C:\Users\sms\Desktop\FRST64.exe
Loaded Profiles: sms
Platform: Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.863.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\McAfee\WebAdvisor\uihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe <5>
(C:\Users\sms\AppData\Roaming\Zoom\bin\Zoom.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\sms\AppData\Roaming\Zoom\bin\zWebview2Agent.exe
(C:\Users\sms\AppData\Roaming\Zoom\bin\zWebview2Agent.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe <11>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxEM.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Grammarly, Inc. -> Grammarly) C:\Users\sms\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe <3>
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.14.212.1\mc-fw-host.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(svchost.exe ->) (HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.14.212.1\neo\mc-neo-host.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3989_none_7ddb45627cb30e03\TiWorker.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\sms\AppData\Roaming\Zoom\bin\Zoom.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-08-14] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-27] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [707624 2018-08-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11560848 2024-02-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\Installer\setup.exe [7135784 2024-02-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1000\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [HP OfficeJet Pro 9010 series (NET) #2] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2019-11-17] (HP Inc -> HP Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [HPB90E59 (HP OfficeJet Pro 9010 series)] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2019-11-17] (HP Inc -> HP Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [HPB90E59.lan (HP OfficeJet Pro 9010 series)] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2019-11-17] (HP Inc -> HP Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [MicrosoftEdgeAutoLaunch_66108CE6BF7BC48A1520D523A0F82972] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [Grammarly] => C:\Users\sms\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [235616 2024-02-20] (Grammarly, Inc. -> Grammarly)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ZM S\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [37405032 2020-07-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\...\RunOnce: [Uninstall 20.114.0607.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ZM S\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64" [0 2020-07-31] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [52568 2009-08-19] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\WINDOWS\system32\hpinksts5912LM.dll [331664 2012-06-18] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\stkMonitor: C:\WINDOWS\system32\stkMonitor.dll [65680 2021-05-31] (Amazon.com Services LLC -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe [2024-02-27] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13D46966-F41A-4A8D-81FC-9E2453CE3B3E} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {10F3FF35-8A84-43B7-8F13-98FA370F3401} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sms@journey2astar.net => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {72F6E543-4706-4BDF-AE36-4721339986E3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {E71005C0-1DD7-4B8E-9E4C-59637C74FBB9} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DAFD043C-AC0E-4A30-8D76-561C293ED14A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
Task: {B556DB51-73CC-40C3-B9CF-7D0CDD7CBEBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {D3C5B97E-C9D5-41E6-911A-C74991E1BAA1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C8279D1D-A25D-44C8-A1B4-E0A1219C735E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {9DF84A35-EE32-4629-9BA6-7B74C17BADD7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{684863FD-D994-4289-AE38-E38F681BB365} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
Task: {0A9F9C50-8AA4-45A9-A5FD-BB9FA1EAF048} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {464FA539-FDA1-4E3D-A5F9-7C91AB2EF956} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {8061A414-B034-458C-A1F5-C5773626A41E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {F2757879-46A4-456C-983E-F93EC9F0A27A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {F5F276C1-2AF1-4D21-8548-8F4717F7056D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {87E93DFC-286B-4916-8865-049E2523A0E7} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {16822DC9-555F-4AB6-B0F2-E9D7E168EEE8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {CDBA9E09-4CDA-4C70-88E1-CE634228AB80} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {2E89B93B-741E-4D58-95B5-223D6442B979} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {5DD7F6A6-D568-4157-A989-5F63BA1FFBB9} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {7FAF6D77-479B-4414-B99B-13FDB572024A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-02-01] (HP Inc. -> HP Inc.)
Task: {8D977927-3F5C-4B52-A703-B9A3206761C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-02-01] (HP Inc. -> HP Inc.)
Task: {BB908477-9459-42DF-9272-D118E0F286C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [231472 2024-02-01] (HP Inc. -> HP Inc.)
Task: {6FD0A9F7-C7C2-45FF-889C-9BEE832342E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-02-01] (HP Inc. -> HP Inc.)
Task: {CA4E2D0B-18A0-4327-8418-25454C7E526B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-02-01] (HP Inc. -> HP Inc.)
Task: {5943D7AB-4637-4AD0-A778-FE4F8D75942A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH958471RS => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-02-01] (HP Inc. -> HP Inc.)
Task: {95C0A4A4-9D85-45A0-92B4-5DD15E9F9EA0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60888 2024-01-18] (HP Inc. -> HP Inc.)
Task: {F5957ED0-605E-4544-807B-14B1E9959275} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60888 2024-01-18] (HP Inc. -> HP Inc.)
Task: {B7B20CF6-1955-4B1B-A5A9-2E582CB5A80F} - System32\Tasks\HP\HP PSDr\HP PSDr Printer Health Monitor => C:\Program Files (x86)\HP\HP Support Framework\Modules\PSDR\HPPSDrPrinterHealthMonitor.exe [64160 2024-02-01] (HP Inc. -> HP Inc.)
Task: {CEDCD749-24B7-42E8-8EB4-8AC06B83E2F3} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {5D647CE0-9B88-4A9C-8177-4A0861D2BF78} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 9010 series => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\HPCustPartic.exe [6692256 2020-01-06] (HP Inc -> HP Inc.)
Task: {B9855965-B67E-497B-873F-C4CC2E2F7E8A} - System32\Tasks\HPEA3JOBS => C:\Program  -> Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task: {0F4D9C91-8079-4CA4-91BD-CE3B41F7418E} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {AC5B544F-B5F2-4582-B628-C65776C0D685} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A29725CB-EAF2-42A4-A5EA-FE6416779146} - System32\Tasks\McAfee\WPS\AntiTrackerTask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {40F4ADB3-4DE3-42A2-B345-A2A3F339597F} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\wps\1.14.212.1\dad\mc-dad.exe [4484248 2023-12-16] (McAfee, LLC -> McAfee, LLC)
Task: {FAA35692-2CDE-4D81-89D6-A6864D5965CF} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A4D81B5B-B6D2-46F2-9365-7F8DF22C56E0} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\wps\1.14.212.1\sustainability\mc-sustainability.exe [966960 2023-12-16] (McAfee, LLC -> McAfee, LLC)
Task: {FD766397-89C9-409A-B017-75BA448EC42A} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {58E05291-199A-4860-BD70-ACFAD1DA4E24} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {3AB6A145-408C-4B5B-B05E-A6D7B11D7EFD} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {35EDB15D-B9B7-49DC-B078-7D17E1938651} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {D1C9897C-79CA-472F-8C28-FE92D1813F50} - System32\Tasks\McAfee\WPS\tracker_remover => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {4C34A613-3863-41B8-B3A2-52D672AFC533} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2} C:\Program Files\McAfee\wps\1.14.212.1\mc-update.exe [5179968 2023-12-16] (McAfee, LLC -> McAfee, LLC)
Task: {A296D91F-9E9D-4703-A928-E7144DA8FE1F} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.14.212.1\mc-wns-client\mc-wns-client.exe [840384 2023-12-16] (McAfee, LLC -> )
Task: {522165B1-4F45-4D85-9AC8-A2C939FAD99E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {46D764B9-FF44-444C-91D5-403AF283A509} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {885F3FE7-F62D-40DB-A825-12170191CA57} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {85FA8F5E-8776-45DB-ADC7-89AF325DC1B6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {59529E41-1628-4689-8DDA-6CD20FED7989} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [362192 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE4867CF-35C9-40CE-B2C5-619E0F9D9D10} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5D1E38E7-F6CB-4CE8-8F8B-C7E44BB8EF65} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70B0BFB0-CB5A-4386-AC83-2B6CFF43C014} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4DCE8DCE-A9F6-485D-9C38-1F04EEAFB65A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DB178A1C-A786-4CFB-8406-C22795CD20B5} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {636C3BC4-3A7D-4269-B61B-D23064D40FB0} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-309238639-2357849422-1781197669-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {83FCC7CB-458C-4FFF-ABFA-E4C684DBB8F3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {491A35DB-75CB-43E5-917A-A05ACC353692} - System32\Tasks\Mozilla\Firefox Default Browser Agent 76C5FE2496185C2C => C:\Users\sms\AppData\Local\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {C2898F8D-F615-4515-B07C-4D8C64A108B6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB5FB141-2BE6-4C9A-8E41-E31D0C7862BF} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {81A825DF-5E9C-4BAB-82C9-39D28CB57A0B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B0294B0-1C87-4E8A-AAB0-00736964D467} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D9C48EA-E4B3-4A30-94F3-A2C9177A4614} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DESKTOP-GDKJL4J-ZM S.job => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 local.skyfonts.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74da3f05-ea76-4403-9cfc-2b71e3f6f189}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74da3f05-ea76-4403-9cfc-2b71e3f6f189}: [DhcpDomain] lan
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}: [DhcpDomain] lan
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\24478674351445: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\24478674351445: [DhcpDomain] lan
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\35075636472757D63556475707D25383: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\35075636472757D63556475707D25383: [DhcpDomain] lan
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\453483731373458344D25374: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\453483731373458344D25374: [DhcpDomain] austin.rr.com
Tcpip\..\Interfaces\{a230d696-ea94-4d58-a2d0-3bca64a9b8ae}: [NameServer] 172.17.3.1
 
Edge: 
=======
Edge Profile: C:\Users\sms\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-27]
Edge Extension: (Google Docs Offline) - C:\Users\sms\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-11]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\sms\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-21]
Edge Extension: (Edge relevant text changes) - C:\Users\sms\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: n3rip95o.default
FF ProfilePath: C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\oiyyr7ot.default-release-1 [2024-02-08]
FF Extension: (Facebook Container) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\oiyyr7ot.default-release-1\Extensions\@contain-facebook.xpi [2021-01-28]
FF ProfilePath: C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\n3rip95o.default [2021-01-17]
FF ProfilePath: C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121 [2024-02-27]
FF Extension: (Facebook Container) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\@contain-facebook.xpi [2023-07-20]
FF Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\firefox@ghostery.com.xpi [2023-12-14]
FF Extension: (Innovator – Balanced) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\innovator-balanced-colorway@mozilla.org.xpi [2023-03-16]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-12-20]
FF Extension: (Animated Snoopy Christmas) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{2e0241b0-de21-48d1-9e26-b966873dac78}.xpi [2022-02-12]
FF Extension: (ANIMATED NOVELIST SNOOPY) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{45f2af7e-2043-42b6-a918-49bd1ce28841}.xpi [2022-02-12]
FF Extension: (McAfee® WebAdvisor) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2023-12-14] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF Extension: (Snoopy Peanuts Valentine) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{85883d0c-c8c1-41c5-9112-44e9314ff482}.xpi [2023-01-17]
FF Extension: (Fractal Senzune Alphacoder) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{ceefc8d7-d251-4762-bfcd-35cdeb3c52cd}.xpi [2023-03-08]
FF Extension: (Peanuts Christmas III) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{d79706cb-bad5-4136-8765-47136a7f97b9}.xpi [2022-02-12]
FF Extension: (Animated Merry Christmas Charlie Brown) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{fcabffd7-2490-49b9-b59d-bc0372899be1}.xpi [2022-02-12]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2017-11-07] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-309238639-2357849422-1781197669-1001: vsee.com/VSeeDetection -> C:\Users\sms\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2021-06-30] (VSee Lab, Inc. -> VSee Lab)
 
Chrome: 
=======
CHR Profile: C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default [2024-02-27]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US0G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Steady Flight) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\bngmkpbgamlgojclkfkbpmikjilmkdfp [2023-09-01]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-02-13]
CHR Extension: (Google Docs Offline) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-20]
CHR Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiobkfhnonedkhhfjpmhdalgeoebfa [2024-01-30]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-20]
CHR Extension: (HP Network Check Launcher) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2021-08-15]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-309238639-2357849422-1781197669-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflanjgoamglnnocilcllegbbbfogfjc]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-08-22] (Apple Inc. -> Apple Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-02-19] (Dropbox, Inc -> Dropbox, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe [3515936 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2017-11-07] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [891328 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [889896 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [886824 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-18] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [890408 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-24] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R2 IntuitUpdateServiceV5; C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe [19320 2023-09-14] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-29] (Malwarebytes Inc. -> Malwarebytes)
R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.14.212.1\mc-fw-host.exe [2394440 2023-12-16] (McAfee, LLC -> McAfee, LLC)
S3 mc-wps-update; C:\Program Files\McAfee\wps\1.14.212.1\mc-update.exe [5179968 2023-12-16] (McAfee, LLC -> McAfee, LLC)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [889400 2024-02-14] (McAfee, LLC -> McAfee, LLC)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\OneDriveUpdaterService.exe [3853856 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 mfeelam; C:\WINDOWS\System32\DRIVERS\mfeelam.sys [19536 2023-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\WINDOWS\System32\DRIVERS\mfesec.sys [83808 2023-12-16] (McAfee, LLC -> McAfee, LLC)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [51192 2023-08-07] (OpenVPN Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-10] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2023-02-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-27 13:44 - 2024-02-27 13:48 - 000046248 _____ C:\Users\sms\Desktop\FRST.txt
2024-02-27 13:42 - 2024-02-27 13:47 - 000000000 ____D C:\FRST
2024-02-27 13:35 - 2024-02-27 13:37 - 000000000 ____D C:\Users\sms\Desktop\Dropper22724
2024-02-27 13:12 - 2024-02-27 13:12 - 002386944 _____ (Farbar) C:\Users\sms\Desktop\FRST64.exe
2024-02-27 12:32 - 2024-02-27 12:32 - 000043179 _____ C:\Users\sms\Desktop\quote_873.pdf
2024-02-23 15:29 - 2024-02-23 15:29 - 000043314 _____ C:\Users\sms\Desktop\oldquote_873.pdf
2024-02-21 17:51 - 2024-02-21 17:51 - 000000000 ___HD C:\ProgramData\temp
2024-02-20 19:11 - 2024-02-20 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-02-20 17:11 - 2024-02-20 17:41 - 000001288 _____ C:\Users\sms\Desktop\fix skewed analytics.txt
2024-02-20 17:01 - 2024-02-21 17:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-20 14:23 - 2024-02-20 14:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-02-19 13:11 - 2024-02-19 13:12 - 001234534 _____ C:\Users\sms\Downloads\DR.-ERIC-TIBLIER%2C-P.A._02-19-24.zip
2024-02-19 10:24 - 2024-02-19 10:24 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-02-16 10:38 - 2024-02-16 10:38 - 000048137 _____ C:\Users\sms\Downloads\9798218379650_0-00_ean.eps
2024-02-16 10:38 - 2024-02-16 10:38 - 000022116 _____ C:\Users\sms\Downloads\9798218379650_0-00_ean.pdf
2024-02-13 17:49 - 2024-02-13 17:49 - 000000000 ___HD C:\$WinREAgent
2024-02-08 18:52 - 2024-02-16 09:41 - 000000000 ____D C:\Users\sms\Desktop\bathroom
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-27 13:40 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-27 13:34 - 2019-10-05 13:32 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-02-27 13:11 - 2023-11-16 19:15 - 000000000 ____D C:\Users\sms\Desktop\858HDJES
2024-02-27 13:02 - 2017-11-13 23:15 - 000000000 ____D C:\Users\sms\Documents\Outlook Files
2024-02-27 13:02 - 2017-11-09 10:24 - 000000000 ____D C:\Users\sms\AppData\Local\Packages
2024-02-27 13:02 - 2017-11-06 18:21 - 000000000 ____D C:\Users\sms\AppData\Roaming\Microsoft\Word
2024-02-27 12:25 - 2020-06-16 18:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-27 11:14 - 2023-05-01 08:11 - 000000000 ____D C:\Users\sms\AppData\Local\Malwarebytes
2024-02-27 09:00 - 2020-06-16 18:39 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1CC147CE-5662-45E1-902C-29AC61883FEC}
2024-02-27 08:38 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-27 08:38 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-27 02:43 - 2021-12-14 19:02 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-27 02:43 - 2020-07-23 16:22 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-26 14:42 - 2018-04-30 16:17 - 000000000 ____D C:\Users\sms\AppData\Local\D3DSCache
2024-02-25 08:36 - 2020-06-17 21:08 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-24 16:06 - 2021-06-08 14:41 - 000000000 ____D C:\Users\sms\AppData\LocalLow\IGDump
2024-02-23 16:05 - 2022-02-08 12:41 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-22 20:29 - 2020-06-17 21:08 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-22 20:29 - 2020-06-17 21:08 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-22 19:07 - 2023-11-16 19:18 - 000000000 ____D C:\Users\sms\Desktop\BOOK MARKETING
2024-02-22 15:12 - 2021-01-06 20:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-02-22 15:06 - 2018-01-11 14:51 - 000000000 ____D C:\Users\sms\Desktop\Cheris Botanical Book
2024-02-22 15:06 - 2017-11-16 07:54 - 000000000 ____D C:\Users\sms\AppData\Local\Blurb
2024-02-22 07:35 - 2023-09-14 15:52 - 000001424 _____ C:\Users\sms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2024-02-22 07:35 - 2019-09-10 17:21 - 000000000 ____D C:\Users\sms\AppData\Local\Grammarly
2024-02-21 17:55 - 2017-11-06 18:12 - 000000000 __SHD C:\Users\sms\IntelGraphicsProfiles
2024-02-21 17:51 - 2021-09-11 12:09 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-02-21 17:51 - 2020-06-16 18:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-21 17:51 - 2020-06-15 14:59 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-21 17:51 - 2020-03-10 09:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-21 17:51 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-02-21 17:50 - 2019-12-07 03:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2024-02-20 19:12 - 2021-01-28 18:18 - 000001274 _____ C:\Users\sms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-20 19:12 - 2020-08-05 13:51 - 000000000 ____D C:\Users\sms\AppData\Local\Dropbox
2024-02-20 19:12 - 2020-03-10 09:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-20 19:12 - 2017-02-20 09:46 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-02-20 17:42 - 2022-02-22 14:30 - 000023465 _____ C:\Users\sms\Desktop\pwrimupdated2.txt
2024-02-20 14:23 - 2017-11-06 23:05 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-20 12:43 - 2018-01-05 12:31 - 000000000 ____D C:\Users\sms\Desktop\forgreg
2024-02-19 19:41 - 2017-11-06 22:47 - 000000000 ____D C:\Users\sms\AppData\Local\ElevatedDiagnostics
2024-02-18 19:56 - 2017-11-06 18:21 - 000000000 ____D C:\Users\sms\AppData\Roaming\Microsoft\Office
2024-02-18 10:14 - 2017-02-20 09:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-02-17 14:55 - 2019-01-28 12:31 - 000000000 ____D C:\Users\sms\Documents\TurboTax
2024-02-17 14:49 - 2020-07-14 17:08 - 000000000 ____D C:\Users\sms\AppData\Local\CrashDumps
2024-02-17 01:37 - 2020-06-16 18:26 - 000870746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-17 01:37 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-16 23:53 - 2023-10-28 02:24 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 23:53 - 2021-12-13 07:48 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1004
2024-02-16 23:53 - 2021-12-13 07:48 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1001
2024-02-16 23:53 - 2021-12-13 07:48 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1000
2024-02-16 23:53 - 2020-08-16 14:14 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-02-15 11:58 - 2019-12-07 03:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-13 20:13 - 2020-06-16 18:13 - 000000000 ____D C:\Users\sms
2024-02-13 20:12 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-13 20:12 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-13 20:04 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-13 19:56 - 2020-06-16 18:11 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-13 18:37 - 2017-11-07 00:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-13 18:30 - 2017-11-07 00:36 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-13 08:01 - 2020-03-31 09:37 - 000000000 ____D C:\Users\sms\Desktop\PANTS ON FIRE
2024-02-12 15:02 - 2017-12-05 14:13 - 000000000 ____D C:\Users\sms\Desktop\Christmas
2024-02-10 14:06 - 2020-06-16 18:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-02-08 20:09 - 2023-11-16 19:15 - 000000000 ____D C:\Users\sms\Desktop\THISSTUFF!!!
2024-02-08 20:07 - 2023-09-28 08:44 - 000000000 ____D C:\Users\sms\Desktop\lakewayswap
2024-02-08 20:04 - 2020-01-21 22:44 - 000000000 ____D C:\Users\sms\Desktop\Illustrated Discovery Journal
2024-02-08 20:02 - 2018-07-13 15:53 - 000000000 ___RD C:\Users\sms\Desktop\family
2024-02-08 19:49 - 2017-11-07 09:51 - 000000000 ____D C:\Users\sms\Desktop\Graphics
2024-02-08 10:27 - 2017-02-20 09:43 - 000000000 ____D C:\Program Files\HP
2024-02-07 15:52 - 2017-11-09 21:05 - 000000000 ____D C:\Users\sms\Desktop\MAIL LABEL TEMPLATES
2024-02-05 14:25 - 2018-05-30 10:04 - 000000000 ____D C:\Users\sms\Desktop\RECIPES
 
==================== Files in the root of some directories ========
 
2018-01-31 14:03 - 2020-05-08 18:51 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2018-02-28 00:16 - 2023-09-21 13:12 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe BMP Format CS5 Prefs
2018-01-20 17:53 - 2020-11-11 14:20 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe GIF Format CS5 Prefs
2019-03-26 15:21 - 2019-03-26 15:21 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2018-01-02 14:52 - 2023-09-21 13:07 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-11-14 10:33 - 2021-11-16 22:04 - 000052222 _____ () C:\Users\sms\AppData\Roaming\Comma Separated Values.ADR
2017-11-14 10:32 - 2017-11-14 10:32 - 000012965 _____ () C:\Users\sms\AppData\Roaming\Comma Separated Values.CAL
2021-11-16 21:58 - 2022-01-09 10:17 - 000011935 _____ () C:\Users\sms\AppData\Roaming\Comma Separated Values.EML
2018-08-23 19:38 - 2019-03-26 16:54 - 000001456 _____ () C:\Users\sms\AppData\Local\Adobe Save for Web 12.0 Prefs
2020-05-22 21:01 - 2020-07-14 18:09 - 000464058 _____ () C:\Users\sms\AppData\Local\ars.cache
2020-05-22 21:05 - 2020-07-14 18:10 - 002495679 _____ () C:\Users\sms\AppData\Local\census.cache
2020-05-22 20:05 - 2020-05-22 20:05 - 000000036 _____ () C:\Users\sms\AppData\Local\housecall.guid.cache
2018-09-26 13:13 - 2018-09-26 13:13 - 000000000 _____ () C:\Users\sms\AppData\Local\oobelibMkey.log
2020-05-22 20:10 - 2020-06-20 22:55 - 000000010 _____ () C:\Users\sms\AppData\Local\sponge.last.runtime.cache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by sms (27-02-2024 13:49:00)
Running from C:\Users\sms\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) (2020-06-17 00:41:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-309238639-2357849422-1781197669-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-309238639-2357849422-1781197669-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-309238639-2357849422-1781197669-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-309238639-2357849422-1781197669-501 - Limited - Disabled)
sms (S-1-5-21-309238639-2357849422-1781197669-1001 - Administrator - Enabled) => C:\Users\sms
WDAGUtilityAccount (S-1-5-21-309238639-2357849422-1781197669-504 - Limited - Disabled)
ZM S (S-1-5-21-309238639-2357849422-1781197669-1004 - Administrator - Enabled) => C:\Users\ZM S
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee (Enabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Web Premium (HKLM-x32\...\{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe InDesign CC 2018 (HKLM-x32\...\IDSN_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Amazon Kindle) (Version: 1.34.1.63103 - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.252 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D76F9829-A6F3-48D3-A0B6-BC1522CB9F49}) (Version: 17.0.0.21 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-3bcaf33b-8b43-46e4-9bef-555e973cf034) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BookWright version 1.2.163 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.2.163 - Blurb, Inc.)
calibre 64bit (HKLM\...\{046879EF-51A3-40F5-9D27-539286BEBBCE}) (Version: 6.3.0 - Kovid Goyal)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CoffeeCup Sitemapper (HKLM-x32\...\CoffeeCup Sitemapper) (Version:  - )
Creative Fonts Chrsitmas (HKLM-x32\...\{71C4AE5E-5DEA-4A0A-8779-32C574DB0319}) (Version: 1.0.0 - Summitsoft Corporation) Hidden
Creative Fonts Chrsitmas (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Creative Fonts Chrsitmas 1.0.0) (Version: 1.0.0 - Summitsoft Corporation)
Cyberduck (HKLM\...\{5CC20ECB-265A-4D61-8A6D-12DBE179B2FC}) (Version: 8.6.0.39818 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{09db73b4-2eca-4a71-963b-56a179f5dc3a}) (Version: 8.6.0.39818 - iterate GmbH)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3426 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 193.4.5594 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.863.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.70 - Google LLC)
Grammarly Editor (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\GrammarlyForWindows) (Version: 1.5.81 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{D55C414A-684A-4B84-A003-C248B40FD7C6}) (Version: 6.8.263 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\{54da24a3-a032-400b-8762-669a8bf92df5}) (Version: 6.8.263 - Grammarly)
Grammarly for Windows (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Grammarly Desktop Integrations) (Version: 1.2.65.1324 - Grammarly)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.2 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{96A402D4-6126-4899-AEA8-AA764304A7B1}) (Version: 49.1.321.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{39BEAF4B-67DB-4820-9864-BCCD4E6C5987}) (Version: 49.1.321.0 - HP)
HP ePrint SW (HKLM\...\{2CB12285-90BF-469F-B973-34495ABAF048}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{5C690381-6AF5-4374-B50C-02F0390E9980}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{D711D91A-127D-4A11-BA83-634868AD8016}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{EA274518-738D-4A48-A1CB-596173D4C6A2}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{03ED1397-7E72-4F6E-A0F0-2994A0A13421}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{B9ADB0F9-459B-4E6B-A021-0F38C73FC060}) (Version: 5.2.20454 - HP Inc.) Hidden
HP FTP Plugin (HKLM-x32\...\{F6E456FC-18B7-4F41-AF13-9EECFF500A46}) (Version: 49.1.321.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9EDF968A-5D0C-4AF3-9669-1369E2921AA1}) (Version: 49.1.321.0 - HP)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.10 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP OfficeJet Pro 9010 series Basic Device Software (HKLM\...\{054E1B87-E52B-4B86-92B6-2FCA44090110}) (Version: 49.6.4502.206 - HP Inc.)
HP Orbit (HKLM\...\{1A083C69-5382-4CF9-8074-80EC050D9FC8}) (Version: 3.5.171.271 - HP) Hidden
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Orbit Service (HKLM\...\{B384505E-0FE1-4A0F-9E92-7C592276E0A4}) (Version: 2.5.171.271 - HP Inc) Hidden
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{ECCFEFB0-A6EB-4BB3-9C9D-690370ED0C6D}) (Version: 1.7.0.0 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
HP SFTP Plugin (HKLM-x32\...\{1A3B3517-5C77-4382-9915-B8F0C2AB691F}) (Version: 49.1.321.0 - HP)
HP SFTP Plugin (HKLM-x32\...\{A441A742-7F3D-4B93-943B-18F5488ACE49}) (Version: 49.1.320.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{DB2306C6-0DEA-4468-AE0F-9CDEA7BE842E}) (Version: 49.1.321.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{D566DA31-9325-400E-B309-4BBA18B367E3}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{57058272-92B0-4EFA-8FDD-ED3E5D689D37}) (Version: 1.4.32 - HP Inc.)
HP Universal Fax Driver (HKLM\...\{C2B45120-48BB-41FC-A1A7-4FF24DA5CDA3}) (Version: 1.0.321.0 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S OCR (HKLM-x32\...\{E793D9AC-4A93-402F-84AD-9C5C752CCBE8}) (Version: 15.4.1132.0 - HP Inc.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel® Chipset Device Software (HKLM\...\{C7CC96C7-C99C-40DD-BB6B-C7BFC2899979}) (Version: 10.1.17809.8096 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{90291EBF-187A-4C7E-A9AD-DCCB6C946536}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{FBDA24D3-1A19-4D75-B3F1-F2A1FB6B61BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{8DEA4234-C97D-41BE-B2BC-313A196BCD09}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6446 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1004 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{8AAC5651-3DE3-4C1C-80AD-9D6192B1AA1A}) (Version: 16.8.3.1004 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1841.2 - Intel Corporation)
Intel® Serial IO (HKLM\...\{EABFC0C6-2EFD-486D-8DEB-5A07527FB179}) (Version: 30.100.1841.2 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000020-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.20.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{EF71AFFB-85B5-407C-A301-39EA25F98313}) (Version: 20.90.0.2270 - Intel Corporation) Hidden
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
Java™ SE Development Kit 21.0.1 (64-bit) (HKLM\...\{75B0E1AE-DC20-5AC0-A358-61B0256DADBE}) (Version: 21.0.1.0 - Oracle Corporation)
Kindle Create (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Kindle Create) (Version: 1.61.0.0 - Amazon)
Kindle Kids' Book Creator (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\KKBC) (Version: 1.003 - Amazon)
KindlePreviewer (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\KindlePreviewer) (Version: 2.943 - Amazon)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-a7e52f56-01ce-4198-8245-46bf434002e7) (Version: 3.0.2.118 - WildTangent) Hidden
Malwarebytes version 4.6.9.314 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.9.314 - Malwarebytes)
Map Downloader (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\{020aa847-631a-4c83-bc55-bfbd1e8765d7}) (Version: 21.1.8 - Harman International Industries, Incorporated)
Map Downloader (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\{acd26ad8-8228-4b52-8dd6-3941dacb119f}) (Version: 19.3.30 - Harman International Industries, Incorporated)
McAfee (HKLM\...\McAfee.WPS) (Version: 1.14.212.1 - McAfee, LLC)
McAfee Safe Connect (HKLM-x32\...\{82D8F05E-9F97-415F-8622-C65C6759EFC6}) (Version: 2.16 - McAfee, LLC.) Hidden
McAfee Safe Connect (HKLM-x32\...\{a6cf057b-0e6f-4367-9afe-6aeb5a6ca5a5}) (Version: 2.16 - McAfee, LLC.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\5a0b0fb31a61cf22) (Version: 17.0.6271.8 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{BD2E4F7B-30B0-46A7-8E5C-D99D21C52336}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{200969CA-4114-4553-832D-4286C5ACBB98}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.15.26706 (HKLM\...\{F106B700-BFF8-3065-B305-14D36AD40539}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.15.26706 (HKLM\...\{C77195A4-CEB8-38EE-BDD6-C46CB459EF6E}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29914 (HKLM-x32\...\{BD8C6100-7C7D-48DD-93BA-69F6828213FE}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29914 (HKLM-x32\...\{42365A3A-622A-4EED-A727-FE192A794AFD}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 123.0 (x64 en-US)) (Version: 123.0 - Mozilla)
Mozilla Firefox 85.0 (x64 en-US) (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Mozilla Firefox 85.0 (x64 en-US)) (Version: 85.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-23967c0a-93bf-4e02-ad1f-a6daee4f00fa) (Version: 1.1.2.4 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Product Improvement Study for HP OfficeJet Pro 9010 series (HKLM\...\{47CB77FB-1807-4C2A-8F92-571C63EF96F1}) (Version: 49.6.4502.206 - HP Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31237 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.26.328.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-57907b6d-9add-476d-b133-a5c04d070310) (Version: 3.0.2.126 - WildTangent) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
Sparkle 2 (HKLM-x32\...\WTA-ee52d951-fb5c-4ab7-99e9-b3bc05351348) (Version: 3.0.2.51 - WildTangent) Hidden
TSR Watermark Image software version 3.7.2.3 (HKLM-x32\...\TSR Watermark Image_is1) (Version: 3.7.2.3 - TSR Software)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
TurboTax 2018 WinPerFedFormset (HKLM-x32\...\{4F5D754A-4CF7-489E-9FC7-DCF124A9C13B}) (Version: 018.000.1958 - Intuit Inc.) Hidden
TurboTax 2018 WinPerReleaseEngine (HKLM-x32\...\{3B81DEB0-2307-4542-A370-47D7B15B4EE5}) (Version: 018.000.0370 - Intuit Inc.) Hidden
TurboTax 2018 WinPerTaxSupport (HKLM-x32\...\{E9FCBA33-DB82-4992-A4FE-3A2D4C974DD7}) (Version: 018.000.0124 - Intuit Inc.) Hidden
TurboTax 2018 wrapper (HKLM-x32\...\{B29215FE-D5C4-4C2D-BDA1-11EBF3638653}) (Version: 018.000.0109 - Intuit Inc.) Hidden
TurboTax 2018 wriiper (HKLM-x32\...\{AF54E211-DDF3-46C5-861E-753C8B757D4C}) (Version: 018.000.1115 - Intuit Inc.) Hidden
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
TurboTax 2019 WinPerFedFormset (HKLM-x32\...\{E06C08B0-B8A7-4D16-AC3D-A9B215B4DF33}) (Version: 019.000.2903 - Intuit Inc.) Hidden
TurboTax 2019 WinPerReleaseEngine (HKLM-x32\...\{3B2774BA-9EAF-4AC6-8E06-98EA76831746}) (Version: 019.000.0376 - Intuit Inc.) Hidden
TurboTax 2019 WinPerTaxSupport (HKLM-x32\...\{7A9F6F61-D188-4851-A4B5-1766EB5295C9}) (Version: 019.000.0115 - Intuit Inc.) Hidden
TurboTax 2019 wrapper (HKLM-x32\...\{DF0DB405-2E2C-4DFE-A6E7-342E7900F594}) (Version: 019.000.0127 - Intuit Inc.) Hidden
TurboTax 2019 wriiper (HKLM-x32\...\{8A3D77B8-70A0-4C50-B3AF-0F736CAC9256}) (Version: 019.000.1228 - Intuit Inc.) Hidden
TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
TurboTax 2020 WinPerReleaseMsi (HKLM-x32\...\{52E6AD69-FBE7-42C0-9F5B-CD282EB7FD76}) (Version: 020.000.1601 - Intuit Inc.) Hidden
TurboTax 2020 wriiper (HKLM-x32\...\{64E1EAA9-4ADA-48A8-9A17-DC89F40A1C1F}) (Version: 020.000.1074 - Intuit Inc.) Hidden
TurboTax 2021 (HKLM-x32\...\{19F2745D-A94D-40AB-A983-E9D0A57B1E50}) (Version: 021.000.0583 - Intuit Inc.)
TurboTax 2022 (HKLM-x32\...\{E02EC8E6-200F-4BF9-AF32-572FEA31F457}) (Version: 022.000.0407 - Intuit Inc.)
TurboTax 2023 (HKLM\...\{E562E609-8B17-48CF-A82C-0A78ED485299}) (Version: 023.000.0428 - Intuit Inc.)
UCheck version 3.9.3.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 3.9.3.0 - Adlice Software)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VSee (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\VSee) (Version: 4.11.3.43458 - VSee Lab Inc)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.866 - McAfee, LLC)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows Driver Package - Hewlett-Packard USB  (09/08/2015 1.0.0.1) (HKLM\...\C9EDF507DA1B23454B1BF10495C79A1C34ADD79F) (Version: 09/08/2015 1.0.0.1 - Hewlett-Packard)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
wriiperStateIS (HKLM-x32\...\{19230F8E-4B7C-4066-A15F-0D8203921993}) (Version: 021.000.0105 - Intuit Inc.) Hidden
wriiperStateIS (HKLM-x32\...\{283B195F-A365-44AC-AE23-9DE1DAF3C03C}) (Version: 022.000.0102 - Intuit Inc.) Hidden
Zoom (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-06-08] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-03-29] (Audible Inc)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bing Fan Favorites - Landscapes -> C:\Program Files\WindowsApps\Microsoft.BingFanFavorites-Landscapes_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-27] (Microsoft Corporation)
Coastal Portugal by Paulo P Pereira -> C:\Program Files\WindowsApps\Microsoft.CoastalPortugalbyPauloPPereira_1.1.0.0_neutral__8wekyb3d8bbwe [2020-02-27] (Microsoft Corporation)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2023-12-21] (Dropbox Inc.)
Easy Violin Tuner -> C:\Program Files\WindowsApps\10763Neonway.EasyViolinTuner_1.8.2.0_x86__7kzf3j20m4tcj [2023-03-27] (Neonway)
Fountain Pens -> C:\Program Files\WindowsApps\Microsoft.FountainPens_1.0.0.0_neutral__8wekyb3d8bbwe [2018-11-21] (Microsoft Corporation)
Garden Glimpses by Rangan Das -> C:\Program Files\WindowsApps\Microsoft.GardenGlimpsesbyRanganDas_1.0.0.0_neutral__8wekyb3d8bbwe [2018-07-24] (Microsoft Corporation)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2017-11-07] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.4.0.0_x64__v10z8vjag6ke6 [2023-10-19] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-01-18] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.33.28.0_x64__v10z8vjag6ke6 [2024-02-08] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-02-13] (Instagram)
Isle of Man by Mark Wallace -> C:\Program Files\WindowsApps\Microsoft.IsleofManbyMarkWallace_1.0.0.0_neutral__8wekyb3d8bbwe [2021-03-10] (Microsoft Corporation)
McAfee -> C:\Program Files\McAfee\wps\1.14.212.1 [2023-12-16] ()
Meteor Showers -> C:\Program Files\WindowsApps\Microsoft.MeteorShowers_1.0.0.0_neutral__8wekyb3d8bbwe [2021-03-10] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2402.13001.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corporation) [Startup Task]
Netherlands Countryside -> C:\Program Files\WindowsApps\Microsoft.NetherlandsCountryside_1.1.0.0_neutral__8wekyb3d8bbwe [2017-12-03] (Microsoft Corporation)
Pantone Color of the Year 2022 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.PantoneColoroftheYear2022_1.0.0.0_neutral__8wekyb3d8bbwe [2023-03-08] (Microsoft Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-15] (Microsoft Corporation)
Pinterest -> C:\Program Files\WindowsApps\1424566A.147190DF3DE79_1.1.1.0_neutral__5byw4zywtsh80 [2022-10-19] (Pinterest Inc.)
Prism Video Converter -> C:\Program Files\WindowsApps\NCHSoftware.PrismFree_10.4.0.0_x86__7kedsbyvzns34 [2023-10-14] (NCH Software)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.4.96.0_x64__kx24dqmazqk8j [2023-08-22] (Random Salad Games LLC)
Snow Sculptures -> C:\Program Files\WindowsApps\Microsoft.SnowSculptures_1.0.0.0_neutral__8wekyb3d8bbwe [2018-11-21] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-02] (Microsoft Studios) [MS Ad]
Spiekeroog by Markus Janse -> C:\Program Files\WindowsApps\Microsoft.SpiekeroogbyMarkusJanse_1.0.0.0_neutral__8wekyb3d8bbwe [2018-03-28] (Microsoft Corporation)
The Northern Lights -> C:\Program Files\WindowsApps\Microsoft.TheNorthernLights_1.0.0.0_neutral__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation)
The Weather 14 days -> C:\Program Files\WindowsApps\tiempo.com.ElTiempo14das_3.2.10.0_x64__1jw6nrrrzn4a6 [2022-06-23] (Meteo Network) [MS Ad]
Weather Radar Pro -> C:\Program Files\WindowsApps\15196RobertFirth.RadarWeather_3.9.0.198_x64__gqrwdc4c1z97p [2021-05-23] (Robert Firth)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-10] (Microsoft Corporation)
WinAppRuntime.Main.1.2 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2023-07-10] (Microsoft Corp.)
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-07-28] (Microsoft Corp.)
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1136.2333.0_x64__8wekyb3d8bbwe [2024-02-13] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.1136.2333.0_x64__8wekyb3d8bbwe [2024-02-13] (Microsoft Corp.)
Windows App Runtime DDLM 2000.802.31.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x6_2000.802.31.0_x64__8wekyb3d8bbwe [2023-07-10] (Microsoft Corporation)
Windows App Runtime DDLM 2000.802.31.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x8_2000.802.31.0_x86__8wekyb3d8bbwe [2023-07-10] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-02-14] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2023-12-16] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4AD4F206532F} -> [Creative Cloud Files] => C:\Users\sms\Creative Cloud Files [2017-12-20 08:55]
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\sms\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.263\11B5FF2D92\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\sms\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.263\11B5FF2D92\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{d4ec04a3-7b3b-f5dd-3ee9-6a7118ff4224}\localserver32 -> C:\Users\sms\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\sms\Dropbox [2020-08-05 14:21]
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\wps\1.14.212.1\mc-ctxmnu.dll [2023-12-16] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxDTCM.dll [2020-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\wps\1.14.212.1\mc-ctxmnu.dll [2023-12-16] (McAfee, LLC -> McAfee, LLC)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
 
==================== Loaded Modules (Whitelisted) =============
 
2024-02-14 19:22 - 2024-02-14 19:22 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\e456c2ae468a34095a79c1e849acdd14\BRIDGECommon.ni.dll
2024-01-24 20:24 - 2024-01-24 20:24 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\de71453bf9f58c843aea9b8ae69e5105\BridgeExtension.ni.dll
2024-01-24 20:24 - 2024-01-24 20:24 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\a706a6de2bf93cde3ed0d1f1d2052cdf\CleanStartController.ni.dll
2023-08-24 01:34 - 2023-08-24 01:34 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\f5836eea869011d9f6291cf9b7052643\Interop.IWshRuntimeLibrary.ni.dll
2024-01-24 20:24 - 2024-01-24 20:24 - 000072704 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\11c53a0dd97212c4c1d64f6a80578e79\NativeInterop.ni.dll
2024-01-24 20:25 - 2024-01-24 20:25 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\5e2e18fdd0a7d80d3e68776f7a56f752\Hardcodet.Wpf.TaskbarNotification.ni.dll
2024-01-24 20:24 - 2024-01-24 20:24 - 000135168 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\3b4f1378b22cb53fa730d04d74726824\CommonPortable.ni.dll
2019-07-18 16:13 - 2018-12-10 09:59 - 007991296 _____ (HP Inc.) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\HPOJP9010_FaxPCSendRenderPlugin.dll
2020-05-23 08:32 - 2013-03-07 22:07 - 000009728 _____ (Luis Cobian) [File not signed] [File is in use] C:\Program Files (x86)\Cobian Backup 11\CobStringList.dll
2024-01-24 20:25 - 2024-01-24 20:25 - 001701376 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\98f7d1a72e11f076819a1ea8801d5da5\NAudio.ni.dll
2024-01-24 20:25 - 2024-01-24 20:25 - 003062272 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\72213784b42226a70b1b0e9538e2f7d5\Newtonsoft.Json.ni.dll
2024-01-24 20:25 - 2024-01-24 20:25 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\8286f136ddf128a91d1e3540b4ebe22b\log4net.ni.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {A7197130-706D-404A-8AEE-A82126DA323B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {A7197130-706D-404A-8AEE-A82126DA323B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-309238639-2357849422-1781197669-1001 -> {A7197130-706D-404A-8AEE-A82126DA323B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-309238639-2357849422-1781197669-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-02-01] (HP Inc. -> HP Inc.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-02-01] (HP Inc. -> HP Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 05:47 - 2024-02-01 13:25 - 000000840 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 local.skyfonts.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\HP\Common\HPDestPlgIn\;C:\Program Files (x86)\HP\IdrsOCR_15.4.1132.0\;C:\Program Files\Calibre2\;%JAVA_HOME%\bin;
HKU\S-1-5-21-309238639-2357849422-1781197669-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\Control Panel\Desktop\\Wallpaper -> c:\users\sms\desktop\graphics\screen backgrounds\newbackground3823.jpg
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\sms\Desktop\Graphics\screen backgrounds\skroog.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\Run: => "Monotype SkyFonts System Extension"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\Run: => "SafeConnect"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{34E1EA88-85F7-4891-9244-A8DBCEEA7563}C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [UDP Query User{1A607445-A7D1-4342-8895-0B6DDF638478}C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [TCP Query User{1BBE011D-0C27-4513-9A28-7D0387D5B613}C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [UDP Query User{4347DB9E-B686-4B35-80DA-6D06542A77F4}C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [{B267FC6B-6B8E-4F42-994C-154E309492EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C82527D2-4433-44BE-B08A-56BAA3D7EF5F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A542ED7D-4041-46D2-AAB4-89EA8E7FAE2C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7DCBEB3D-1D55-4556-8179-C2077E6D92FC}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A93F5E42-6747-4396-A5AF-8B19D9D06BD1}] => (Allow) C:\Users\sms\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B45348BB-D382-41FC-B6DB-3D9E069C5158}] => (Allow) C:\Users\sms\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4F4AAC1F-49CD-4DFD-9CD1-B8C3669B8951}] => (Allow) C:\Users\sms\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{35193C0A-5010-48D4-930F-443AEFA519B4}] => (Allow) C:\Program Files\TurboTax\Individual 2023\64bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{2F2686F5-0796-4AF3-98E3-0049889C2786}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{557F0895-4610-44C4-9931-CDA0412E25B5}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{13D4FCB7-E318-4E4C-89B6-4C4BD63FFE74}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{AA920F45-35F9-43C6-B84C-C09F6183BD81}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{3E34BF79-92CD-4F97-A932-180420F55240}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{7301969E-BB41-4F33-98BA-C4C8153BBDE5}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{B0818CCE-B6C5-4DBC-B37D-9D9F23D0AC3D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CBA04F7A-F8C5-47C0-9EF2-2662334314DA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{AF676128-8E99-4583-A61F-ECDE28C65302}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{B789BC04-5D97-4219-BC52-1FE939A8932B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7EB50D76-1EEB-4969-B971-A013751B0393}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4A62A1D5-F1AE-47FD-BDB5-7F3F69B0EE89}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AACBA9F-117E-4CFB-BAFF-5B98A8EE5C1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{87C11814-DE8F-4036-9429-A5FD7EA5ED34}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{416B90AB-5F6B-4AFE-BDD6-D1FBF0C4F83E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
04-02-2024 19:07:44 Scheduled Checkpoint
13-02-2024 19:06:50 Scheduled Checkpoint
13-02-2024 19:25:01 Windows Modules Installer
22-02-2024 20:00:40 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/27/2024 10:11:13 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: HP Support Solutions Framework -- This application could not be uninstalled, because HP Support Assistant requires it.
 
Error: (02/27/2024 10:11:11 AM) (Source: MsiInstaller) (EventID: 1013) (User: DESKTOP-GDKJL4J)
Description: Product: HP Support Solutions Framework -- This application could not be uninstalled, because HP Support Assistant requires it.
 
Error: (02/25/2024 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (02/22/2024 07:35:21 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GDKJL4J)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (02/22/2024 04:20:16 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (02/22/2024 04:20:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (02/21/2024 05:58:26 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GDKJL4J)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (02/21/2024 05:52:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-GDKJL4J.local already in use; will try DESKTOP-GDKJL4J-2.local instead
 
 
System errors:
=============
Error: (02/27/2024 01:35:03 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/27/2024 01:35:03 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/27/2024 01:35:03 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/27/2024 01:35:03 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/27/2024 01:35:03 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/26/2024 01:35:01 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/26/2024 01:35:01 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/26/2024 01:35:00 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
 
Windows Defender:
================
Date: 2024-02-27 13:22:15
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-26 13:51:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-25 13:51:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-24 13:51:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-23 13:51:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-12-10 16:36:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-12-10 16:36:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-12-10 16:36:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-12-10 16:33:56
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-12-10 16:26:42
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
CodeIntegrity:
===============
Date: 2024-02-27 13:47:21
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.14.212.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.
 
Date: 2024-02-27 13:43:07
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.14.212.1\mc-sec-plugin-x86.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.43 07/01/2019
Motherboard: HP 82F2
Processor: Intel® Core™ i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 66%
Total physical RAM: 8071.65 MB
Available physical RAM: 2742.48 MB
Total Virtual: 12308.2 MB
Available Virtual: 4883.55 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:918.95 GB) (Free:124.1 GB) (Model: WDC WD10EZEX-60WN4A0) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.33 GB) (Free:1.19 GB) (Model: WDC WD10EZEX-60WN4A0) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{f50fa4c1-1683-4d3b-b774-598e13ea3a2a}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.39 GB) NTFS
\\?\Volume{8a2f6966-74ca-460e-8957-171be8c481eb}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4BDAAAA2)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 



#2 dennis_l

dennis_l

  •  Avatar image
  • Malware Response Team
  • 3,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted 28 February 2024 - 03:30 AM

Hello again.
I'll be pleased to check through your new logs.
Here's a reminder of the guidelines.

  • Back up any important data, as a precaution, before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but there may still need to be more checks necessary, so please wait until I give the all clear.

Unfortunately I will be away from my desk this morning, but should get back to you by this evening. (UK time)

 

Dennis



#3 dennis_l


Posted 28 February 2024 - 09:36 AM

Fortunately McAfee quarantined the file, although it may have been another false positive.
Either way, any potential infection looks to have been prevented, as there are no signs of it elsewhere on the computer.
Is the folder you created C:\Users\sms\Desktop|FONTS AND GRAPHICS\FONTS?
If so, I'd be tempted to re-scan the folder with McAfee, just to be sure.
Please advise if you recognise these items?

2024-02-16 10:38 - 2024-02-16 10:38 - 000048137 _____ C:\Users\sms\Downloads\9798218379650_0-00_ean.eps
2024-02-16 10:38 - 2024-02-16 10:38 - 000022116 _____ C:\Users\sms\Downloads\9798218379650_0-00_ean.pdf

-------------------------------------------------------------------------------------------------------------------
It's been a while since you ran an ESET scan, so let's do that next as a double check.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Select your desired language from the drop-down menu and click Get started.
  • Click Yes if a User Account window appears.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • Please note that this process can take several hours to complete.
  • At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
  • On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. I suggest that you do not do this for now. Click Continue.
  • You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • There is an option to delete the application's data on closing, but we can do this later.
  • If you left feedback, click Submit and Close. If not, click Close.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.


#4 SMS18

SMS18
  • Topic Starter

  •  Avatar image
  • Members
  • 61 posts
  • ONLINE
  •  
  • Gender:Female
  • Local time:09:58 PM

Posted 28 February 2024 - 10:41 AM

Thank you, Dennis.

 

Per your queries:

 

* The FONTS AND GRAPHICS folder includes fonts, licenses for fonts, some graphics, and the licenses for those graphics. I scanned the folder (727 files) with McAfee and no threats were found.

 

** The two downloaded files you identified (2024-02-16 10:38 - 2024-02-16 10:38 - 000048137 _____ C:\Users\sms\Downloads\9798218379650_0-00_ean.eps

2024-02-16 10:38 - 2024-02-16 10:38 - 000022116 _____ C:\Users\sms\Downloads\9798218379650_0-00_ean.pdf) are ISBN barcodes for a book I am publishing for one of my authors. The files were downloaded from Bowkers website.

 

I will proceed with completing the ESET scan and provide you with an update when I've completed those steps.

 

Thank you for your help. (Not sure why I've had so much trouble for the past four months. This is very atypical. I think I had only two other issues in many many years.)


Edited by SMS18, 28 February 2024 - 10:42 AM.


#5 SMS18


Posted 28 February 2024 - 05:18 PM

Hello again, Dennis.

 

The ESET Scan results indicate no issues. Following is the ESETScan.txt report:

 

2/28/2024 16:13:19 PM
Files scanned: 1006526
Detected files: 0
Cleaned files: 0
Total scan time: 06:22:02
Scan status: Finished


#6 dennis_l


Posted 29 February 2024 - 06:47 AM

Very good.
There are a few non-malware flagged entries we can remove to clean things up.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {9DF84A35-EE32-4629-9BA6-7B74C17BADD7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{684863FD-D994-4289-AE38-E38F681BB365} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0
End::
  • Click on the Fix button just once and wait.
  • Please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also please advise how your computer is running now.



#7 SMS18


Posted 29 February 2024 - 11:02 AM

Thank you, Dennis. I completed the FRST cleanup scan per your instructions. Here is the Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by sms (29-02-2024 09:42:16) Run:1
Running from C:\Users\sms\Desktop
Loaded Profiles: sms
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Task: {9DF84A35-EE32-4629-9BA6-7B74C17BADD7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{684863FD-D994-4289-AE38-E38F681BB365} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0
End::
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DF84A35-EE32-4629-9BA6-7B74C17BADD7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF84A35-EE32-4629-9BA6-7B74C17BADD7}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{684863FD-D994-4289-AE38-E38F681BB365} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{684863FD-D994-4289-AE38-E38F681BB365}" => removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterInternalService124.0.6315.0 => removed successfully
GoogleUpdaterInternalService124.0.6315.0 => service removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterService124.0.6315.0 => removed successfully
GoogleUpdaterService124.0.6315.0 => service removed successfully
 
"C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0" folder move:
 
C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0 => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 09:43:38 ====
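
A cross-check of the Fixlog above against its own fixlist, added here as an example and not part of the original post or of FRST: it confirms that every directive between Start:: and End:: has a matching "successfully" outcome line. The line formats are taken only from this thread's log; the function names, the matching rules and the FIXLOG_GAP sample are assumptions made for the illustration.

```python
import re

# Abridged copy of the Fixlog posted in this thread (header and blank lines dropped).
FIXLOG = r"""fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Task: {9DF84A35-EE32-4629-9BA6-7B74C17BADD7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{684863FD-D994-4289-AE38-E38F681BB365} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0
End::
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DF84A35-EE32-4629-9BA6-7B74C17BADD7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF84A35-EE32-4629-9BA6-7B74C17BADD7}" => removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterInternalService124.0.6315.0 => removed successfully
GoogleUpdaterInternalService124.0.6315.0 => service removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterService124.0.6315.0 => removed successfully
GoogleUpdaterService124.0.6315.0 => service removed successfully
C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0 => moved successfully
The system needed a reboot.
==== End of Fixlog 09:43:38 ===="""

# Constructed variant: the outcome lines for one service are deleted, to show a gap.
FIXLOG_GAP = "\n".join(
    ln for ln in FIXLOG.splitlines()
    if "GoogleUpdaterService124" not in ln or ln.startswith("S2 ")
)

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE = re.compile(r"^[A-Z]\d\s+([^;]+);")  # e.g. "S2 <service name>; <image path>"
COMMANDS = {  # directive -> outcome line, both as they appear in the thread's Fixlog
    "CreateRestorePoint:": "Restore point was successfully created.",
    "CloseProcesses:": "Processes closed successfully.",
}


def split_fixlog(text):
    """Return (directives, result lines): the echoed fixlist and everything after End::."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    start, end = lines.index("Start::"), lines.index("End::")
    return lines[start + 1:end], lines[end + 1:]


def classify(directive):
    """Map one fixlist line to (kind, key); the key is what an outcome line must name."""
    if directive in COMMANDS:
        return "command", directive
    if directive.startswith("Task:"):
        m = GUID.search(directive)          # the task GUID leads the line
        return "task", m.group(0) if m else directive
    m = SERVICE.match(directive)
    if m:
        return "service", m.group(1).strip()
    return "path", directive                # anything else: treated as a literal path


def matches(kind, key, target):
    t, k = target.strip('"').lower(), key.lower()
    if kind == "task":
        return k in t                       # GUID appears inside the TaskCache key
    return t == k or t.endswith("\\" + k)   # exact name/path, or ...\Services\<name>


def check_fixlog(text):
    """Report which directives have at least one successful outcome line."""
    directives, results = split_fixlog(text)
    outcomes = [ln.rpartition(" => ")[::2] for ln in results if " => " in ln]
    report = {"confirmed": [], "unconfirmed": [], "review": []}
    for d in directives:
        kind, key = classify(d)
        if kind == "command":
            ok = COMMANDS[key] in results
        else:
            ok = any(o.endswith("successfully") and matches(kind, key, t)
                     for t, o in outcomes)
        report["confirmed" if ok else "unconfirmed"].append((kind, key))
    # Outcome lines that do not report success need a human look.
    report["review"] = [f"{t} => {o}" for t, o in outcomes
                        if not o.endswith("successfully")]
    return report


if __name__ == "__main__":
    for name, log in (("posted log", FIXLOG), ("constructed gap", FIXLOG_GAP)):
        print(name, check_fixlog(log)["unconfirmed"])
```

A directive counts as confirmed when any one of its outcome lines reports success, so a task with several registry keys is not checked key by key.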


#8 dennis_l


Posted 29 February 2024 - 11:16 AM

That's all looking good, so I believe that we are nearly all set now.

Please advise if you have any further questions, before I post the usual tool/log clean up instructions and information for your future reference.

 



#9 SMS18


Posted 29 February 2024 - 11:21 AM

Thank you, Dennis. I'm still not sure how this malware issue occurred. I've hardly used my computer in the past couple of weeks. I am going to scan a backup drive for malware to see if there is a connection since I backed up some files for one of my authors. 

 

I appreciate your commitment to helping me and thank you for guiding me and reviewing the logs. I hope this will end what has become a pattern over the past four months. I am very grateful to you for your help.



#10 dennis_l


Posted 29 February 2024 - 11:26 AM

You are very welcome.
I'll leave the topic open for a couple of days, in case you find anything on that drive.
This tool will remove the software we used.
KpRm by Kernel-panik

  •     Download KpRm and save it to your Desktop
  •     Right click on the icon and select Run as administrator.
  •     Click Yes on the Disclaimer.
  •     Place a check mark in Delete Tools and Create Restore Point.
  •     Under Delete Quarantine, check Delete in 7 days.
  •     Click Run.
  •     Click OK in the All operations are completed box.
  •     It will create and open a log report.
  •     KpRm will delete itself from your Desktop and you can either save or remove the report that was generated.

These articles offer good advice and information for the future.
Keep your computer secure at home
How your system gets infected.
Ransomware advice.
Choosing Secure Passwords.
Thanks again for contacting us at Bleeping Computer.

Dennis



#11 dennis_l


Posted 03 March 2024 - 02:20 PM

I am closing this topic, as the issues appear to have been resolved.
If you need to continue, would you please send me or any Moderator a Personal Message (PM), advising that you would like it to be re-opened.
Please include a link to the topic in the Personal Message.



#12 dennis_l


Posted Yesterday, 03:30 AM

This topic has now been re-opened, as requested by SMS18.



#13 SMS18


Posted Yesterday, 10:42 AM

Thank you for reopening this topic, Dennis.

 

Here are the latest events and scan results. Detected: 2b1fa  Trojan:Script/Phishing.HKM

I scanned two of my backup drives since our last communication, and the scans using McAfee identified the dropper.ya in several PDFs on both drives. I deleted the quarantined files and rescanned using Malwarebytes and then Defender, and both scans identified and quarantined pup toolbars, which I also deleted from the backup drives.

I then attempted to use McAfee to rescan my computer, however, a popup message indicated I was offline, even though I wasn't. I reconnected McAfee VPN to see if that would correct the problem, but it did not. When this has occurred in the past, the only solution seems to be restarting the computer, which I did.

Following restart, I initialized a full McAfee scan** on the computer. At approximately the twelve-hour mark in the scan, it indicated it was 100% but scanning continued and at some point after that, it identified and quarantined a threat.

After about five more hours, McAfee completed the scan and indicated that the following suspicious item was quarantined:

C:\Users\sms\AppData\Local\Chrome\User Data\Default\IndexedDB\chrome-extension_ihcjicgdanjaechkgeegckofjjedodee_0.indexeddb.blob\2\b1
Trojan:Script/Phishing.HKM

Following the full scan and while I was attempting to read the scan results, McAfee spontaneously began a quick scan, which lasted another several hours. The second scan found no issues.

After that, I ran Malwarebytes and a Defender Quick Scan. No issues again. Last night, I updated and ran a full Defender scan, and the results indicate no threats were found.

**Please note that before I initialized the full McAfee scan, I went online to check the contents of a Google drive (I didn't download or upload anything...I just confirmed contents of the drive). Other than that, I have not used the computer aside from logging in to BleepingComputer.com to update you regarding these events.

Thank you for your continuing help. FRST and Addition.logs are posted next.

(Query: Do you think the obsolete Acrobat software may be contributing to this ongoing issue?)


Edited by SMS18, Yesterday, 11:04 AM.


#14 SMS18


Posted Yesterday, 11:05 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by sms (administrator) on DESKTOP-GDKJL4J (HP HP Pavilion Desktop PC 570-p0XX) (04-03-2024 09:48:10)
Running from C:\Users\sms\Desktop\FRST64.exe
Loaded Profiles: sms
Platform: Microsoft Windows 10 Home Version 22H2 19045.4123 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.863.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxEM.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Grammarly, Inc. -> Grammarly) C:\Users\sms\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(explorer.exe ->) (HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe <3>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(msiexec.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.14.212.1\mc-fw-host.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(svchost.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(svchost.exe ->) (HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.14.212.1\neo\mc-neo-host.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-08-14] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-27] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [707624 2018-08-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11560848 2024-02-19] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1000\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [HP OfficeJet Pro 9010 series (NET) #2] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2019-11-17] (HP Inc -> HP Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [HPB90E59 (HP OfficeJet Pro 9010 series)] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2019-11-17] (HP Inc -> HP Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [HPB90E59.lan (HP OfficeJet Pro 9010 series)] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2019-11-17] (HP Inc -> HP Inc.)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [MicrosoftEdgeAutoLaunch_66108CE6BF7BC48A1520D523A0F82972] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060728 2024-03-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Run: [Grammarly] => C:\Users\sms\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [234080 2024-02-27] (Grammarly, Inc. -> Grammarly)
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ZM S\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [37405032 2020-07-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\...\RunOnce: [Uninstall 20.114.0607.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ZM S\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64" [0 2020-07-31] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [52568 2009-08-19] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\WINDOWS\system32\hpinksts5912LM.dll [331664 2012-06-18] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\stkMonitor: C:\WINDOWS\system32\stkMonitor.dll [65680 2021-05-31] (Amazon.com Services LLC -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.71\Installer\chrmstp.exe [2024-02-29] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13D46966-F41A-4A8D-81FC-9E2453CE3B3E} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {10F3FF35-8A84-43B7-8F13-98FA370F3401} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sms@journey2astar.net => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {72F6E543-4706-4BDF-AE36-4721339986E3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {E71005C0-1DD7-4B8E-9E4C-59637C74FBB9} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DAFD043C-AC0E-4A30-8D76-561C293ED14A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
Task: {B556DB51-73CC-40C3-B9CF-7D0CDD7CBEBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {D3C5B97E-C9D5-41E6-911A-C74991E1BAA1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C8279D1D-A25D-44C8-A1B4-E0A1219C735E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0A9F9C50-8AA4-45A9-A5FD-BB9FA1EAF048} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {464FA539-FDA1-4E3D-A5F9-7C91AB2EF956} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {8061A414-B034-458C-A1F5-C5773626A41E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {F2757879-46A4-456C-983E-F93EC9F0A27A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {F5F276C1-2AF1-4D21-8548-8F4717F7056D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {87E93DFC-286B-4916-8865-049E2523A0E7} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {16822DC9-555F-4AB6-B0F2-E9D7E168EEE8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {CDBA9E09-4CDA-4C70-88E1-CE634228AB80} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {2E89B93B-741E-4D58-95B5-223D6442B979} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {5DD7F6A6-D568-4157-A989-5F63BA1FFBB9} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {7FAF6D77-479B-4414-B99B-13FDB572024A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-02-01] (HP Inc. -> HP Inc.)
Task: {8D977927-3F5C-4B52-A703-B9A3206761C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-02-01] (HP Inc. -> HP Inc.)
Task: {BB908477-9459-42DF-9272-D118E0F286C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [231472 2024-02-01] (HP Inc. -> HP Inc.)
Task: {6FD0A9F7-C7C2-45FF-889C-9BEE832342E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-02-01] (HP Inc. -> HP Inc.)
Task: {CA4E2D0B-18A0-4327-8418-25454C7E526B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-02-01] (HP Inc. -> HP Inc.)
Task: {5943D7AB-4637-4AD0-A778-FE4F8D75942A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH958471RS => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-02-01] (HP Inc. -> HP Inc.)
Task: {95C0A4A4-9D85-45A0-92B4-5DD15E9F9EA0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60888 2024-01-18] (HP Inc. -> HP Inc.)
Task: {F5957ED0-605E-4544-807B-14B1E9959275} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60888 2024-01-18] (HP Inc. -> HP Inc.)
Task: {B7B20CF6-1955-4B1B-A5A9-2E582CB5A80F} - System32\Tasks\HP\HP PSDr\HP PSDr Printer Health Monitor => C:\Program Files (x86)\HP\HP Support Framework\Modules\PSDR\HPPSDrPrinterHealthMonitor.exe [64160 2024-02-01] (HP Inc. -> HP Inc.)
Task: {CEDCD749-24B7-42E8-8EB4-8AC06B83E2F3} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {5D647CE0-9B88-4A9C-8177-4A0861D2BF78} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 9010 series => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\HPCustPartic.exe [6692256 2020-01-06] (HP Inc -> HP Inc.)
Task: {B9855965-B67E-497B-873F-C4CC2E2F7E8A} - System32\Tasks\HPEA3JOBS => C:\Program  -> Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task: {0F4D9C91-8079-4CA4-91BD-CE3B41F7418E} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {AC5B544F-B5F2-4582-B628-C65776C0D685} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A29725CB-EAF2-42A4-A5EA-FE6416779146} - System32\Tasks\McAfee\WPS\AntiTrackerTask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {40F4ADB3-4DE3-42A2-B345-A2A3F339597F} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\wps\1.14.212.1\dad\mc-dad.exe [4484248 2023-12-16] (McAfee, LLC -> McAfee, LLC)
Task: {FAA35692-2CDE-4D81-89D6-A6864D5965CF} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A4D81B5B-B6D2-46F2-9365-7F8DF22C56E0} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\wps\1.14.212.1\sustainability\mc-sustainability.exe [966960 2023-12-16] (McAfee, LLC -> McAfee, LLC)
Task: {FD766397-89C9-409A-B017-75BA448EC42A} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {58E05291-199A-4860-BD70-ACFAD1DA4E24} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {3AB6A145-408C-4B5B-B05E-A6D7B11D7EFD} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {35EDB15D-B9B7-49DC-B078-7D17E1938651} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {D1C9897C-79CA-472F-8C28-FE92D1813F50} - System32\Tasks\McAfee\WPS\tracker_remover => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {4C34A613-3863-41B8-B3A2-52D672AFC533} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2} C:\Program Files\McAfee\wps\1.14.212.1\mc-update.exe [5179968 2023-12-16] (McAfee, LLC -> McAfee, LLC)
Task: {A296D91F-9E9D-4703-A928-E7144DA8FE1F} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.14.212.1\mc-wns-client\mc-wns-client.exe [840384 2023-12-16] (McAfee, LLC -> )
Task: {522165B1-4F45-4D85-9AC8-A2C939FAD99E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {46D764B9-FF44-444C-91D5-403AF283A509} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {885F3FE7-F62D-40DB-A825-12170191CA57} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {85FA8F5E-8776-45DB-ADC7-89AF325DC1B6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {59529E41-1628-4689-8DDA-6CD20FED7989} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [362192 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {61622ED2-61D7-4E20-BD4E-77F3E402BD8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {88E6372C-05FC-4EA0-8D37-8318936E672C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A810401D-6777-4887-83BB-A12AAA9CD341} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC3D3003-D478-487B-9630-A94A7EB20B57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DB178A1C-A786-4CFB-8406-C22795CD20B5} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {636C3BC4-3A7D-4269-B61B-D23064D40FB0} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-309238639-2357849422-1781197669-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {83FCC7CB-458C-4FFF-ABFA-E4C684DBB8F3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {491A35DB-75CB-43E5-917A-A05ACC353692} - System32\Tasks\Mozilla\Firefox Default Browser Agent 76C5FE2496185C2C => C:\Users\sms\AppData\Local\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {C2898F8D-F615-4515-B07C-4D8C64A108B6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB5FB141-2BE6-4C9A-8E41-E31D0C7862BF} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {81A825DF-5E9C-4BAB-82C9-39D28CB57A0B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B0294B0-1C87-4E8A-AAB0-00736964D467} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D9C48EA-E4B3-4A30-94F3-A2C9177A4614} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-06-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DESKTOP-GDKJL4J-ZM S.job => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 local.skyfonts.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74da3f05-ea76-4403-9cfc-2b71e3f6f189}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74da3f05-ea76-4403-9cfc-2b71e3f6f189}: [DhcpDomain] lan
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}: [DhcpDomain] lan
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\24478674351445: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\24478674351445: [DhcpDomain] lan
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\35075636472757D63556475707D25383: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\35075636472757D63556475707D25383: [DhcpDomain] lan
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\453483731373458344D25374: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{8629a0a6-5e1a-4e1d-843f-f9ca1fa868e1}\453483731373458344D25374: [DhcpDomain] austin.rr.com
Tcpip\..\Interfaces\{a230d696-ea94-4d58-a2d0-3bca64a9b8ae}: [NameServer] 172.17.3.1

Edge:
=======
Edge Profile: C:\Users\sms\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-04]
Edge Extension: (Google Docs Offline) - C:\Users\sms\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-03]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\sms\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-29]
Edge Extension: (Edge relevant text changes) - C:\Users\sms\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: n3rip95o.default
FF ProfilePath: C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\oiyyr7ot.default-release-1 [2024-02-08]
FF Extension: (Facebook Container) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\oiyyr7ot.default-release-1\Extensions\@contain-facebook.xpi [2021-01-28]
FF ProfilePath: C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\n3rip95o.default [2021-01-17]
FF ProfilePath: C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121 [2024-03-04]
FF Extension: (Facebook Container) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\@contain-facebook.xpi [2023-07-20]
FF Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\firefox@ghostery.com.xpi [2023-12-14]
FF Extension: (Innovator – Balanced) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\innovator-balanced-colorway@mozilla.org.xpi [2023-03-16]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-12-20]
FF Extension: (Animated Snoopy Christmas) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{2e0241b0-de21-48d1-9e26-b966873dac78}.xpi [2022-02-12]
FF Extension: (ANIMATED NOVELIST SNOOPY) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{45f2af7e-2043-42b6-a918-49bd1ce28841}.xpi [2022-02-12]
FF Extension: (McAfee® WebAdvisor) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2023-12-14] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF Extension: (Snoopy Peanuts Valentine) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{85883d0c-c8c1-41c5-9112-44e9314ff482}.xpi [2023-01-17]
FF Extension: (Fractal Senzune Alphacoder) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{ceefc8d7-d251-4762-bfcd-35cdeb3c52cd}.xpi [2023-03-08]
FF Extension: (Peanuts Christmas III) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{d79706cb-bad5-4136-8765-47136a7f97b9}.xpi [2022-02-12]
FF Extension: (Animated Merry Christmas Charlie Brown) - C:\Users\sms\AppData\Roaming\Mozilla\Firefox\Profiles\sixmlr3z.default-release-1644696271121\Extensions\{fcabffd7-2490-49b9-b59d-bc0372899be1}.xpi [2022-02-12]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2017-11-07] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-309238639-2357849422-1781197669-1001: vsee.com/VSeeDetection -> C:\Users\sms\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2021-06-30] (VSee Lab, Inc. -> VSee Lab)

Chrome:
=======
CHR Profile: C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default [2024-03-04]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US0G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Steady Flight) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\bngmkpbgamlgojclkfkbpmikjilmkdfp [2023-09-01]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-02-13]
CHR Extension: (Google Docs Offline) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-20]
CHR Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiobkfhnonedkhhfjpmhdalgeoebfa [2024-01-30]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-28]
CHR Extension: (HP Network Check Launcher) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2021-08-15]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-309238639-2357849422-1781197669-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflanjgoamglnnocilcllegbbbfogfjc]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-08-22] (Apple Inc. -> Apple Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-02-19] (Dropbox, Inc -> Dropbox, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe [3515936 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2017-11-07] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [891328 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [889896 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [886824 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-18] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [890408 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-24] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R2 IntuitUpdateServiceV5; C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe [19320 2023-09-14] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-29] (Malwarebytes Inc. -> Malwarebytes)
R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.14.212.1\mc-fw-host.exe [2394440 2023-12-16] (McAfee, LLC -> McAfee, LLC)
S3 mc-wps-update; C:\Program Files\McAfee\wps\1.14.212.1\mc-update.exe [5179968 2023-12-16] (McAfee, LLC -> McAfee, LLC)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [889400 2024-02-14] (McAfee, LLC -> McAfee, LLC)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\OneDriveUpdaterService.exe [3853856 2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 mfeelam; C:\WINDOWS\System32\DRIVERS\mfeelam.sys [19536 2023-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\WINDOWS\System32\DRIVERS\mfesec.sys [83808 2023-12-16] (McAfee, LLC -> McAfee, LLC)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [51192 2023-08-07] (OpenVPN Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21040 2024-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [608648 2024-02-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-27] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2023-02-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-02 23:54 - 2024-03-02 23:54 - 000000000 ___HD C:\ProgramData\temp
2024-03-01 04:50 - 2024-03-01 04:50 - 000019530 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-01 04:48 - 2024-03-01 04:48 - 000019530 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-01 03:57 - 2024-03-01 03:57 - 000000000 ___HD C:\$WinREAgent
2024-02-29 09:42 - 2024-02-29 09:43 - 000002331 _____ C:\Users\sms\Desktop\Fixlog.txt
2024-02-28 16:13 - 2024-02-28 16:13 - 000000268 _____ C:\Users\sms\Desktop\ESETScan.txt
2024-02-28 09:46 - 2024-02-28 09:46 - 000001277 _____ C:\Users\sms\Desktop\ESET Online Scanner.lnk
2024-02-28 09:45 - 2024-02-28 09:46 - 000001383 _____ C:\Users\sms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-02-28 09:43 - 2024-02-28 09:43 - 015274968 _____ (ESET) C:\Users\sms\Desktop\esetonlinescanner.exe
2024-02-27 19:46 - 2024-02-27 19:46 - 000000000 ____D C:\Users\sms\Desktop\for greg eye
2024-02-27 13:49 - 2024-02-27 13:54 - 000072704 _____ C:\Users\sms\Desktop\Addition.txt
2024-02-27 13:44 - 2024-03-04 09:52 - 000044913 _____ C:\Users\sms\Desktop\FRST.txt
2024-02-27 13:42 - 2024-03-04 09:50 - 000000000 ____D C:\FRST
2024-02-27 13:35 - 2024-03-03 23:19 - 000000000 ____D C:\Users\sms\Desktop\Dropper22724
2024-02-27 13:12 - 2024-02-27 13:12 - 002386944 _____ (Farbar) C:\Users\sms\Desktop\FRST64.exe
2024-02-27 12:32 - 2024-02-27 12:32 - 000043179 _____ C:\Users\sms\Desktop\quote_873.pdf
2024-02-23 15:29 - 2024-02-23 15:29 - 000043314 _____ C:\Users\sms\Desktop\oldquote_873.pdf
2024-02-20 19:11 - 2024-02-20 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-02-20 17:11 - 2024-02-20 17:41 - 000001288 _____ C:\Users\sms\Desktop\fix skewed analytics.txt
2024-02-20 17:01 - 2024-02-21 17:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-20 14:23 - 2024-02-20 14:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-02-19 13:11 - 2024-02-19 13:12 - 001234534 _____ C:\Users\sms\Downloads\DR.-ERIC-TIBLIER%2C-P.A._02-19-24.zip
2024-02-19 10:24 - 2024-02-19 10:24 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-02-16 10:38 - 2024-02-16 10:38 - 000048137 _____ C:\Users\sms\Downloads\9798218379650_0-00_ean.eps
2024-02-16 10:38 - 2024-02-16 10:38 - 000022116 _____ C:\Users\sms\Downloads\9798218379650_0-00_ean.pdf
2024-02-08 18:52 - 2024-02-27 15:30 - 000000000 ____D C:\Users\sms\Desktop\bathroom

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-04 09:48 - 2020-06-16 18:13 - 000000000 ____D C:\Users\ZM S
2024-03-04 09:48 - 2020-06-16 18:13 - 000000000 ____D C:\Users\defaultuser0
2024-03-04 09:47 - 2022-02-19 14:38 - 000001342 _____ C:\Users\sms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2024-03-04 09:47 - 2021-10-05 23:39 - 000000000 ____D C:\Users\sms\AppData\Local\PCHealthCheck
2024-03-04 09:46 - 2023-05-01 08:11 - 000000000 ____D C:\Users\sms\AppData\Local\Malwarebytes
2024-03-04 09:45 - 2021-06-08 14:41 - 000000000 ____D C:\Users\sms\AppData\LocalLow\IGDump
2024-03-04 09:39 - 2022-02-08 12:41 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-03-04 09:38 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-04 09:30 - 2020-06-16 18:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-03-04 08:43 - 2020-06-16 18:39 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1CC147CE-5662-45E1-902C-29AC61883FEC}
2024-03-03 23:20 - 2017-11-13 23:15 - 000000000 ____D C:\Users\sms\Documents\Outlook Files
2024-03-03 23:05 - 2019-10-05 13:32 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-03-03 14:00 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-03 14:00 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-03 13:36 - 2020-06-17 21:08 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-03 00:01 - 2018-07-02 16:01 - 000000000 ____D C:\ProgramData\Packages
2024-03-03 00:01 - 2017-11-09 10:24 - 000000000 ____D C:\Users\sms\AppData\Local\Packages
2024-03-02 23:57 - 2017-11-06 18:12 - 000000000 __SHD C:\Users\sms\IntelGraphicsProfiles
2024-03-02 23:53 - 2020-06-16 18:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-02 23:53 - 2020-06-15 14:59 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-02 23:53 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-03-02 23:52 - 2019-12-07 03:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2024-03-01 19:54 - 2018-04-30 16:17 - 000000000 ____D C:\Users\sms\AppData\Local\D3DSCache
2024-03-01 19:08 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-01 15:26 - 2020-06-16 18:08 - 005245568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-03-01 15:21 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-01 15:21 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-03-01 15:21 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-01 15:21 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-03-01 05:01 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-01 04:48 - 2020-06-16 18:11 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-29 13:01 - 2023-09-14 15:52 - 000001424 _____ C:\Users\sms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2024-02-29 13:01 - 2019-09-10 17:21 - 000000000 ____D C:\Users\sms\AppData\Local\Grammarly
2024-02-29 09:47 - 2020-06-16 18:13 - 000000000 ____D C:\Users\sms
2024-02-29 00:42 - 2021-12-14 19:02 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-29 00:42 - 2020-07-23 16:22 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-28 09:46 - 2020-07-14 17:08 - 000000000 ____D C:\Users\sms\AppData\Local\CrashDumps
2024-02-28 09:45 - 2023-11-04 11:44 - 000000000 ____D C:\Users\sms\AppData\Local\ESET
2024-02-27 17:45 - 2018-02-28 12:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-27 13:11 - 2023-11-16 19:15 - 000000000 ____D C:\Users\sms\Desktop\858HDJES
2024-02-27 13:02 - 2017-11-06 18:21 - 000000000 ____D C:\Users\sms\AppData\Roaming\Microsoft\Word
2024-02-22 20:29 - 2020-06-17 21:08 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-22 20:29 - 2020-06-17 21:08 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-22 19:07 - 2023-11-16 19:18 - 000000000 ____D C:\Users\sms\Desktop\BOOK MARKETING
2024-02-22 15:12 - 2021-01-06 20:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-02-22 15:06 - 2018-01-11 14:51 - 000000000 ____D C:\Users\sms\Desktop\Cheris Botanical Book
2024-02-22 15:06 - 2017-11-16 07:54 - 000000000 ____D C:\Users\sms\AppData\Local\Blurb
2024-02-21 17:51 - 2021-09-11 12:09 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-02-21 17:51 - 2020-03-10 09:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-20 19:12 - 2021-01-28 18:18 - 000001274 _____ C:\Users\sms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-20 19:12 - 2020-08-05 13:51 - 000000000 ____D C:\Users\sms\AppData\Local\Dropbox
2024-02-20 19:12 - 2020-03-10 09:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-20 19:12 - 2017-02-20 09:46 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-02-20 17:42 - 2022-02-22 14:30 - 000023465 _____ C:\Users\sms\Desktop\pwrimupdated2.txt
2024-02-20 14:23 - 2017-11-06 23:05 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-20 12:43 - 2018-01-05 12:31 - 000000000 ____D C:\Users\sms\Desktop\forgreg
2024-02-19 19:41 - 2017-11-06 22:47 - 000000000 ____D C:\Users\sms\AppData\Local\ElevatedDiagnostics
2024-02-18 19:56 - 2017-11-06 18:21 - 000000000 ____D C:\Users\sms\AppData\Roaming\Microsoft\Office
2024-02-18 10:14 - 2017-02-20 09:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-02-17 14:55 - 2019-01-28 12:31 - 000000000 ____D C:\Users\sms\Documents\TurboTax
2024-02-17 01:37 - 2020-06-16 18:26 - 000870746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-16 23:53 - 2023-10-28 02:24 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 23:53 - 2021-12-13 07:48 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1004
2024-02-16 23:53 - 2021-12-13 07:48 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1001
2024-02-16 23:53 - 2021-12-13 07:48 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-309238639-2357849422-1781197669-1000
2024-02-16 23:53 - 2020-08-16 14:14 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-02-15 11:58 - 2019-12-07 03:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-13 18:37 - 2017-11-07 00:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-13 18:30 - 2017-11-07 00:36 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-13 08:01 - 2020-03-31 09:37 - 000000000 ____D C:\Users\sms\Desktop\PANTS ON FIRE
2024-02-12 15:02 - 2017-12-05 14:13 - 000000000 ____D C:\Users\sms\Desktop\Christmas
2024-02-10 14:06 - 2020-06-16 18:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-02-08 20:09 - 2023-11-16 19:15 - 000000000 ____D C:\Users\sms\Desktop\THISSTUFF!!!
2024-02-08 20:07 - 2023-09-28 08:44 - 000000000 ____D C:\Users\sms\Desktop\lakewayswap
2024-02-08 20:04 - 2020-01-21 22:44 - 000000000 ____D C:\Users\sms\Desktop\Illustrated Discovery Journal
2024-02-08 20:02 - 2018-07-13 15:53 - 000000000 ___RD C:\Users\sms\Desktop\family
2024-02-08 19:49 - 2017-11-07 09:51 - 000000000 ____D C:\Users\sms\Desktop\Graphics
2024-02-08 10:27 - 2017-02-20 09:43 - 000000000 ____D C:\Program Files\HP
2024-02-07 15:52 - 2017-11-09 21:05 - 000000000 ____D C:\Users\sms\Desktop\MAIL LABEL TEMPLATES
2024-02-05 14:25 - 2018-05-30 10:04 - 000000000 ____D C:\Users\sms\Desktop\RECIPES

==================== Files in the root of some directories ========

2018-01-31 14:03 - 2020-05-08 18:51 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2018-02-28 00:16 - 2023-09-21 13:12 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe BMP Format CS5 Prefs
2018-01-20 17:53 - 2020-11-11 14:20 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe GIF Format CS5 Prefs
2019-03-26 15:21 - 2019-03-26 15:21 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2018-01-02 14:52 - 2023-09-21 13:07 - 000000132 _____ () C:\Users\sms\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-11-14 10:33 - 2021-11-16 22:04 - 000052222 _____ () C:\Users\sms\AppData\Roaming\Comma Separated Values.ADR
2017-11-14 10:32 - 2017-11-14 10:32 - 000012965 _____ () C:\Users\sms\AppData\Roaming\Comma Separated Values.CAL
2021-11-16 21:58 - 2022-01-09 10:17 - 000011935 _____ () C:\Users\sms\AppData\Roaming\Comma Separated Values.EML
2018-08-23 19:38 - 2019-03-26 16:54 - 000001456 _____ () C:\Users\sms\AppData\Local\Adobe Save for Web 12.0 Prefs
2020-05-22 21:01 - 2020-07-14 18:09 - 000464058 _____ () C:\Users\sms\AppData\Local\ars.cache
2020-05-22 21:05 - 2020-07-14 18:10 - 002495679 _____ () C:\Users\sms\AppData\Local\census.cache
2020-05-22 20:05 - 2020-05-22 20:05 - 000000036 _____ () C:\Users\sms\AppData\Local\housecall.guid.cache
2018-09-26 13:13 - 2018-09-26 13:13 - 000000000 _____ () C:\Users\sms\AppData\Local\oobelibMkey.log
2020-05-22 20:10 - 2020-06-20 22:55 - 000000010 _____ () C:\Users\sms\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by sms (04-03-2024 09:53:10)
Running from C:\Users\sms\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4123 (X64) (2020-06-17 00:41:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-309238639-2357849422-1781197669-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-309238639-2357849422-1781197669-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-309238639-2357849422-1781197669-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-309238639-2357849422-1781197669-501 - Limited - Disabled)
sms (S-1-5-21-309238639-2357849422-1781197669-1001 - Administrator - Enabled) => C:\Users\sms
WDAGUtilityAccount (S-1-5-21-309238639-2357849422-1781197669-504 - Limited - Disabled)
ZM S (S-1-5-21-309238639-2357849422-1781197669-1004 - Administrator - Enabled) => C:\Users\ZM S

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee (Enabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Web Premium (HKLM-x32\...\{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe InDesign CC 2018 (HKLM-x32\...\IDSN_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Amazon Kindle) (Version: 1.34.1.63103 - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.252 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D76F9829-A6F3-48D3-A0B6-BC1522CB9F49}) (Version: 17.0.0.21 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-3bcaf33b-8b43-46e4-9bef-555e973cf034) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BookWright version 1.2.163 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.2.163 - Blurb, Inc.)
calibre 64bit (HKLM\...\{046879EF-51A3-40F5-9D27-539286BEBBCE}) (Version: 6.3.0 - Kovid Goyal)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CoffeeCup Sitemapper (HKLM-x32\...\CoffeeCup Sitemapper) (Version:  - )
Creative Fonts Chrsitmas (HKLM-x32\...\{71C4AE5E-5DEA-4A0A-8779-32C574DB0319}) (Version: 1.0.0 - Summitsoft Corporation) Hidden
Creative Fonts Chrsitmas (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Creative Fonts Chrsitmas 1.0.0) (Version: 1.0.0 - Summitsoft Corporation)
Cyberduck (HKLM\...\{5CC20ECB-265A-4D61-8A6D-12DBE179B2FC}) (Version: 8.6.0.39818 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{09db73b4-2eca-4a71-963b-56a179f5dc3a}) (Version: 8.6.0.39818 - iterate GmbH)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3426 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 193.4.5594 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.863.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.71 - Google LLC)
Grammarly Editor (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\GrammarlyForWindows) (Version: 1.5.81 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{D55C414A-684A-4B84-A003-C248B40FD7C6}) (Version: 6.8.263 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\{54da24a3-a032-400b-8762-669a8bf92df5}) (Version: 6.8.263 - Grammarly)
Grammarly for Windows (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Grammarly Desktop Integrations) (Version: 1.2.66.1326 - Grammarly)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.2 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{96A402D4-6126-4899-AEA8-AA764304A7B1}) (Version: 49.1.321.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{39BEAF4B-67DB-4820-9864-BCCD4E6C5987}) (Version: 49.1.321.0 - HP)
HP ePrint SW (HKLM\...\{2CB12285-90BF-469F-B973-34495ABAF048}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{5C690381-6AF5-4374-B50C-02F0390E9980}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{D711D91A-127D-4A11-BA83-634868AD8016}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{EA274518-738D-4A48-A1CB-596173D4C6A2}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{03ED1397-7E72-4F6E-A0F0-2994A0A13421}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{B9ADB0F9-459B-4E6B-A021-0F38C73FC060}) (Version: 5.2.20454 - HP Inc.) Hidden
HP FTP Plugin (HKLM-x32\...\{F6E456FC-18B7-4F41-AF13-9EECFF500A46}) (Version: 49.1.321.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9EDF968A-5D0C-4AF3-9669-1369E2921AA1}) (Version: 49.1.321.0 - HP)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.10 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP OfficeJet Pro 9010 series Basic Device Software (HKLM\...\{054E1B87-E52B-4B86-92B6-2FCA44090110}) (Version: 49.6.4502.206 - HP Inc.)
HP Orbit (HKLM\...\{1A083C69-5382-4CF9-8074-80EC050D9FC8}) (Version: 3.5.171.271 - HP) Hidden
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Orbit Service (HKLM\...\{B384505E-0FE1-4A0F-9E92-7C592276E0A4}) (Version: 2.5.171.271 - HP Inc) Hidden
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{ECCFEFB0-A6EB-4BB3-9C9D-690370ED0C6D}) (Version: 1.7.0.0 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
HP SFTP Plugin (HKLM-x32\...\{1A3B3517-5C77-4382-9915-B8F0C2AB691F}) (Version: 49.1.321.0 - HP)
HP SFTP Plugin (HKLM-x32\...\{A441A742-7F3D-4B93-943B-18F5488ACE49}) (Version: 49.1.320.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{DB2306C6-0DEA-4468-AE0F-9CDEA7BE842E}) (Version: 49.1.321.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{D566DA31-9325-400E-B309-4BBA18B367E3}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{57058272-92B0-4EFA-8FDD-ED3E5D689D37}) (Version: 1.4.32 - HP Inc.)
HP Universal Fax Driver (HKLM\...\{C2B45120-48BB-41FC-A1A7-4FF24DA5CDA3}) (Version: 1.0.321.0 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S OCR (HKLM-x32\...\{E793D9AC-4A93-402F-84AD-9C5C752CCBE8}) (Version: 15.4.1132.0 - HP Inc.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel® Chipset Device Software (HKLM\...\{C7CC96C7-C99C-40DD-BB6B-C7BFC2899979}) (Version: 10.1.17809.8096 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{90291EBF-187A-4C7E-A9AD-DCCB6C946536}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{FBDA24D3-1A19-4D75-B3F1-F2A1FB6B61BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{8DEA4234-C97D-41BE-B2BC-313A196BCD09}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6446 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1004 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{8AAC5651-3DE3-4C1C-80AD-9D6192B1AA1A}) (Version: 16.8.3.1004 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1841.2 - Intel Corporation)
Intel® Serial IO (HKLM\...\{EABFC0C6-2EFD-486D-8DEB-5A07527FB179}) (Version: 30.100.1841.2 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000020-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.20.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{EF71AFFB-85B5-407C-A301-39EA25F98313}) (Version: 20.90.0.2270 - Intel Corporation) Hidden
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
Java™ SE Development Kit 21.0.1 (64-bit) (HKLM\...\{75B0E1AE-DC20-5AC0-A358-61B0256DADBE}) (Version: 21.0.1.0 - Oracle Corporation)
Kindle Create (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Kindle Create) (Version: 1.61.0.0 - Amazon)
Kindle Kids' Book Creator (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\KKBC) (Version: 1.003 - Amazon)
KindlePreviewer (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\KindlePreviewer) (Version: 2.943 - Amazon)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-a7e52f56-01ce-4198-8245-46bf434002e7) (Version: 3.0.2.118 - WildTangent) Hidden
Malwarebytes version 4.6.9.314 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.9.314 - Malwarebytes)
Map Downloader (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\{020aa847-631a-4c83-bc55-bfbd1e8765d7}) (Version: 21.1.8 - Harman International Industries, Incorporated)
Map Downloader (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\{acd26ad8-8228-4b52-8dd6-3941dacb119f}) (Version: 19.3.30 - Harman International Industries, Incorporated)
McAfee (HKLM\...\McAfee.WPS) (Version: 1.14.212.1 - McAfee, LLC)
McAfee Safe Connect (HKLM-x32\...\{82D8F05E-9F97-415F-8622-C65C6759EFC6}) (Version: 2.16 - McAfee, LLC.) Hidden
McAfee Safe Connect (HKLM-x32\...\{a6cf057b-0e6f-4367-9afe-6aeb5a6ca5a5}) (Version: 2.16 - McAfee, LLC.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\5a0b0fb31a61cf22) (Version: 17.0.6271.8 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{BD2E4F7B-30B0-46A7-8E5C-D99D21C52336}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{200969CA-4114-4553-832D-4286C5ACBB98}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.15.26706 (HKLM\...\{F106B700-BFF8-3065-B305-14D36AD40539}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.15.26706 (HKLM\...\{C77195A4-CEB8-38EE-BDD6-C46CB459EF6E}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29914 (HKLM-x32\...\{BD8C6100-7C7D-48DD-93BA-69F6828213FE}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29914 (HKLM-x32\...\{42365A3A-622A-4EED-A727-FE192A794AFD}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 123.0 (x64 en-US)) (Version: 123.0 - Mozilla)
Mozilla Firefox 85.0 (x64 en-US) (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\Mozilla Firefox 85.0 (x64 en-US)) (Version: 85.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-23967c0a-93bf-4e02-ad1f-a6daee4f00fa) (Version: 1.1.2.4 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Product Improvement Study for HP OfficeJet Pro 9010 series (HKLM\...\{47CB77FB-1807-4C2A-8F92-571C63EF96F1}) (Version: 49.6.4502.206 - HP Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31237 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.26.328.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-57907b6d-9add-476d-b133-a5c04d070310) (Version: 3.0.2.126 - WildTangent) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
Sparkle 2 (HKLM-x32\...\WTA-ee52d951-fb5c-4ab7-99e9-b3bc05351348) (Version: 3.0.2.51 - WildTangent) Hidden
TSR Watermark Image software version 3.7.2.3 (HKLM-x32\...\TSR Watermark Image_is1) (Version: 3.7.2.3 - TSR Software)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
TurboTax 2018 WinPerFedFormset (HKLM-x32\...\{4F5D754A-4CF7-489E-9FC7-DCF124A9C13B}) (Version: 018.000.1958 - Intuit Inc.) Hidden
TurboTax 2018 WinPerReleaseEngine (HKLM-x32\...\{3B81DEB0-2307-4542-A370-47D7B15B4EE5}) (Version: 018.000.0370 - Intuit Inc.) Hidden
TurboTax 2018 WinPerTaxSupport (HKLM-x32\...\{E9FCBA33-DB82-4992-A4FE-3A2D4C974DD7}) (Version: 018.000.0124 - Intuit Inc.) Hidden
TurboTax 2018 wrapper (HKLM-x32\...\{B29215FE-D5C4-4C2D-BDA1-11EBF3638653}) (Version: 018.000.0109 - Intuit Inc.) Hidden
TurboTax 2018 wriiper (HKLM-x32\...\{AF54E211-DDF3-46C5-861E-753C8B757D4C}) (Version: 018.000.1115 - Intuit Inc.) Hidden
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
TurboTax 2019 WinPerFedFormset (HKLM-x32\...\{E06C08B0-B8A7-4D16-AC3D-A9B215B4DF33}) (Version: 019.000.2903 - Intuit Inc.) Hidden
TurboTax 2019 WinPerReleaseEngine (HKLM-x32\...\{3B2774BA-9EAF-4AC6-8E06-98EA76831746}) (Version: 019.000.0376 - Intuit Inc.) Hidden
TurboTax 2019 WinPerTaxSupport (HKLM-x32\...\{7A9F6F61-D188-4851-A4B5-1766EB5295C9}) (Version: 019.000.0115 - Intuit Inc.) Hidden
TurboTax 2019 wrapper (HKLM-x32\...\{DF0DB405-2E2C-4DFE-A6E7-342E7900F594}) (Version: 019.000.0127 - Intuit Inc.) Hidden
TurboTax 2019 wriiper (HKLM-x32\...\{8A3D77B8-70A0-4C50-B3AF-0F736CAC9256}) (Version: 019.000.1228 - Intuit Inc.) Hidden
TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
TurboTax 2020 WinPerReleaseMsi (HKLM-x32\...\{52E6AD69-FBE7-42C0-9F5B-CD282EB7FD76}) (Version: 020.000.1601 - Intuit Inc.) Hidden
TurboTax 2020 wriiper (HKLM-x32\...\{64E1EAA9-4ADA-48A8-9A17-DC89F40A1C1F}) (Version: 020.000.1074 - Intuit Inc.) Hidden
TurboTax 2021 (HKLM-x32\...\{19F2745D-A94D-40AB-A983-E9D0A57B1E50}) (Version: 021.000.0583 - Intuit Inc.)
TurboTax 2022 (HKLM-x32\...\{E02EC8E6-200F-4BF9-AF32-572FEA31F457}) (Version: 022.000.0407 - Intuit Inc.)
TurboTax 2023 (HKLM\...\{E562E609-8B17-48CF-A82C-0A78ED485299}) (Version: 023.000.0428 - Intuit Inc.)
UCheck version 3.9.3.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 3.9.3.0 - Adlice Software)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VSee (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\VSee) (Version: 4.11.3.43458 - VSee Lab Inc)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.866 - McAfee, LLC)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows Driver Package - Hewlett-Packard USB  (09/08/2015 1.0.0.1) (HKLM\...\C9EDF507DA1B23454B1BF10495C79A1C34ADD79F) (Version: 09/08/2015 1.0.0.1 - Hewlett-Packard)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
wriiperStateIS (HKLM-x32\...\{19230F8E-4B7C-4066-A15F-0D8203921993}) (Version: 021.000.0105 - Intuit Inc.) Hidden
wriiperStateIS (HKLM-x32\...\{283B195F-A365-44AC-AE23-9DE1DAF3C03C}) (Version: 022.000.0102 - Intuit Inc.) Hidden
Zoom (HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)

Packages:
=========

Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-06-08] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-03-29] (Audible Inc)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bing Fan Favorites - Landscapes -> C:\Program Files\WindowsApps\Microsoft.BingFanFavorites-Landscapes_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-27] (Microsoft Corporation)
Coastal Portugal by Paulo P Pereira -> C:\Program Files\WindowsApps\Microsoft.CoastalPortugalbyPauloPPereira_1.1.0.0_neutral__8wekyb3d8bbwe [2020-02-27] (Microsoft Corporation)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-03-02] (Microsoft Corporation)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2023-12-21] (Dropbox Inc.)
Easy Violin Tuner -> C:\Program Files\WindowsApps\10763Neonway.EasyViolinTuner_1.8.2.0_x86__7kzf3j20m4tcj [2023-03-27] (Neonway)
Fountain Pens -> C:\Program Files\WindowsApps\Microsoft.FountainPens_1.0.0.0_neutral__8wekyb3d8bbwe [2018-11-21] (Microsoft Corporation)
Garden Glimpses by Rangan Das -> C:\Program Files\WindowsApps\Microsoft.GardenGlimpsesbyRanganDas_1.0.0.0_neutral__8wekyb3d8bbwe [2018-07-24] (Microsoft Corporation)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2017-11-07] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.5.0.0_x64__v10z8vjag6ke6 [2024-02-28] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-01-18] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.33.28.0_x64__v10z8vjag6ke6 [2024-02-08] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-02-13] (Instagram)
Isle of Man by Mark Wallace -> C:\Program Files\WindowsApps\Microsoft.IsleofManbyMarkWallace_1.0.0.0_neutral__8wekyb3d8bbwe [2021-03-10] (Microsoft Corporation)
McAfee -> C:\Program Files\McAfee\wps\1.14.212.1 [2023-12-16] ()
Meteor Showers -> C:\Program Files\WindowsApps\Microsoft.MeteorShowers_1.0.0.0_neutral__8wekyb3d8bbwe [2021-03-10] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2402.13001.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corporation) [Startup Task]
Netherlands Countryside -> C:\Program Files\WindowsApps\Microsoft.NetherlandsCountryside_1.1.0.0_neutral__8wekyb3d8bbwe [2017-12-03] (Microsoft Corporation)
Pantone Color of the Year 2022 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.PantoneColoroftheYear2022_1.0.0.0_neutral__8wekyb3d8bbwe [2023-03-08] (Microsoft Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-15] (Microsoft Corporation)
Pinterest -> C:\Program Files\WindowsApps\1424566A.147190DF3DE79_1.1.1.0_neutral__5byw4zywtsh80 [2022-10-19] (Pinterest Inc.)
Prism Video Converter -> C:\Program Files\WindowsApps\NCHSoftware.PrismFree_10.4.0.0_x86__7kedsbyvzns34 [2023-10-14] (NCH Software)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.4.96.0_x64__kx24dqmazqk8j [2023-08-22] (Random Salad Games LLC)
Snow Sculptures -> C:\Program Files\WindowsApps\Microsoft.SnowSculptures_1.0.0.0_neutral__8wekyb3d8bbwe [2018-11-21] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-02] (Microsoft Studios) [MS Ad]
Spiekeroog by Markus Janse -> C:\Program Files\WindowsApps\Microsoft.SpiekeroogbyMarkusJanse_1.0.0.0_neutral__8wekyb3d8bbwe [2018-03-28] (Microsoft Corporation)
The Northern Lights -> C:\Program Files\WindowsApps\Microsoft.TheNorthernLights_1.0.0.0_neutral__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation)
The Weather 14 days -> C:\Program Files\WindowsApps\tiempo.com.ElTiempo14das_3.2.10.0_x64__1jw6nrrrzn4a6 [2022-06-23] (Meteo Network) [MS Ad]
Weather Radar Pro -> C:\Program Files\WindowsApps\15196RobertFirth.RadarWeather_3.9.0.198_x64__gqrwdc4c1z97p [2021-05-23] (Robert Firth)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-10] (Microsoft Corporation)
WinAppRuntime.Main.1.2 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2023-07-10] (Microsoft Corp.)
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-07-28] (Microsoft Corp.)
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1136.2333.0_x64__8wekyb3d8bbwe [2024-02-13] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.58.448.0_x64__8wekyb3d8bbwe [2024-03-01] (Microsoft Corp.)
Windows App Runtime DDLM 2000.802.31.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x6_2000.802.31.0_x64__8wekyb3d8bbwe [2023-07-10] (Microsoft Corporation)
Windows App Runtime DDLM 2000.802.31.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x8_2000.802.31.0_x86__8wekyb3d8bbwe [2023-07-10] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-02-14] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2023-12-16] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4AD4F206532F} -> [Creative Cloud Files] => C:\Users\sms\Creative Cloud Files [2017-12-20 08:55]
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\sms\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.263\11B5FF2D92\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\sms\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.263\11B5FF2D92\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{d4ec04a3-7b3b-f5dd-3ee9-6a7118ff4224}\localserver32 -> C:\Users\sms\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-309238639-2357849422-1781197669-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\sms\Dropbox [2020-08-05 14:21]
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\wps\1.14.212.1\mc-ctxmnu.dll [2023-12-16] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxDTCM.dll [2020-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\wps\1.14.212.1\mc-ctxmnu.dll [2023-12-16] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square

==================== Loaded Modules (Whitelisted) =============

2024-03-01 19:05 - 2024-03-01 19:05 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\05c255bc88cee64ebfbd4fb230db42b6\BRIDGECommon.ni.dll
2024-01-24 20:24 - 2024-01-24 20:24 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\de71453bf9f58c843aea9b8ae69e5105\BridgeExtension.ni.dll
2024-01-24 20:24 - 2024-01-24 20:24 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\a706a6de2bf93cde3ed0d1f1d2052cdf\CleanStartController.ni.dll
2023-08-24 01:34 - 2023-08-24 01:34 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\f5836eea869011d9f6291cf9b7052643\Interop.IWshRuntimeLibrary.ni.dll
2024-01-24 20:25 - 2024-01-24 20:25 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\5e2e18fdd0a7d80d3e68776f7a56f752\Hardcodet.Wpf.TaskbarNotification.ni.dll
2024-01-24 20:24 - 2024-01-24 20:24 - 000135168 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\3b4f1378b22cb53fa730d04d74726824\CommonPortable.ni.dll
2020-05-23 08:32 - 2013-03-07 22:07 - 000009728 _____ (Luis Cobian) [File not signed] [File is in use] C:\Program Files (x86)\Cobian Backup 11\CobStringList.dll
2024-01-24 20:25 - 2024-01-24 20:25 - 001701376 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\98f7d1a72e11f076819a1ea8801d5da5\NAudio.ni.dll
2020-04-19 20:38 - 2020-04-19 20:38 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 20:38 - 2020-04-19 20:38 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2024-01-24 20:25 - 2024-01-24 20:25 - 003062272 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\72213784b42226a70b1b0e9538e2f7d5\Newtonsoft.Json.ni.dll
2024-01-24 20:25 - 2024-01-24 20:25 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\8286f136ddf128a91d1e3540b4ebe22b\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {A7197130-706D-404A-8AEE-A82126DA323B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {A7197130-706D-404A-8AEE-A82126DA323B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-309238639-2357849422-1781197669-1001 -> {A7197130-706D-404A-8AEE-A82126DA323B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-309238639-2357849422-1781197669-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-02-01] (HP Inc. -> HP Inc.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-02-01] (HP Inc. -> HP Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 05:47 - 2024-03-02 23:50 - 000000840 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 local.skyfonts.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\HP\Common\HPDestPlgIn\;C:\Program Files (x86)\HP\IdrsOCR_15.4.1132.0\;C:\Program Files\Calibre2\;%JAVA_HOME%\bin;
HKU\S-1-5-21-309238639-2357849422-1781197669-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\Control Panel\Desktop\\Wallpaper -> c:\users\sms\desktop\graphics\screen backgrounds\newbackground3823.jpg
HKU\S-1-5-21-309238639-2357849422-1781197669-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\sms\Desktop\Graphics\screen backgrounds\skroog.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\Run: => "Monotype SkyFonts System Extension"
HKU\S-1-5-21-309238639-2357849422-1781197669-1001\...\StartupApproved\Run: => "SafeConnect"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{34E1EA88-85F7-4891-9244-A8DBCEEA7563}C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [UDP Query User{1A607445-A7D1-4342-8895-0B6DDF638478}C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [TCP Query User{1BBE011D-0C27-4513-9A28-7D0387D5B613}C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [UDP Query User{4347DB9E-B686-4B35-80DA-6D06542A77F4}C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 9010 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [{B267FC6B-6B8E-4F42-994C-154E309492EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C82527D2-4433-44BE-B08A-56BAA3D7EF5F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A542ED7D-4041-46D2-AAB4-89EA8E7FAE2C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7DCBEB3D-1D55-4556-8179-C2077E6D92FC}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A93F5E42-6747-4396-A5AF-8B19D9D06BD1}] => (Allow) C:\Users\sms\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B45348BB-D382-41FC-B6DB-3D9E069C5158}] => (Allow) C:\Users\sms\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4F4AAC1F-49CD-4DFD-9CD1-B8C3669B8951}] => (Allow) C:\Users\sms\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{35193C0A-5010-48D4-930F-443AEFA519B4}] => (Allow) C:\Program Files\TurboTax\Individual 2023\64bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{2F2686F5-0796-4AF3-98E3-0049889C2786}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{557F0895-4610-44C4-9931-CDA0412E25B5}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{13D4FCB7-E318-4E4C-89B6-4C4BD63FFE74}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{AA920F45-35F9-43C6-B84C-C09F6183BD81}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{3E34BF79-92CD-4F97-A932-180420F55240}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{7301969E-BB41-4F33-98BA-C4C8153BBDE5}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{CBA04F7A-F8C5-47C0-9EF2-2662334314DA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{AF676128-8E99-4583-A61F-ECDE28C65302}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{B789BC04-5D97-4219-BC52-1FE939A8932B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7EB50D76-1EEB-4969-B971-A013751B0393}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4A62A1D5-F1AE-47FD-BDB5-7F3F69B0EE89}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AACBA9F-117E-4CFB-BAFF-5B98A8EE5C1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4492A6E5-DD01-4051-8C02-CFBFBF9ABE0E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E38DC92D-20ED-4507-AC21-B7DAB76FE6D3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

04-03-2024 09:46:13 Installed Windows PC Health Check

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/03/2024 07:06:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (03/03/2024 06:22:20 PM) (Source: Firefox Default Browser Agent) (EventID: 12029) (User: )
Description: Event-ID 12029

Error: (03/03/2024 06:22:20 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/03/2024 09:51:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.4123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3470

Start Time: 01da6d3014b73d08

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: aa599959-9e3c-4192-bb28-4ff00a47988f

Faulting package full name: Microsoft.Windows.Search_1.14.13.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Hang type: Cross-thread

Error: (03/03/2024 12:01:16 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GDKJL4J)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/02/2024 11:54:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-GDKJL4J.local already in use; will try DESKTOP-GDKJL4J-2.local instead

Error: (03/02/2024 11:54:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-GDKJL4J.local. Addr 192.168.1.13

Error: (03/02/2024 11:54:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.13:5353   16 DESKTOP-GDKJL4J.local. AAAA FD00:6C99:61D8:AA58:0000:0000:0000:1FA3


System errors:
=============
Error: (03/04/2024 01:43:01 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (03/04/2024 01:43:01 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (03/04/2024 01:43:01 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (03/04/2024 01:43:01 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (03/04/2024 01:43:01 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (03/03/2024 12:55:01 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (03/03/2024 12:55:01 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (03/03/2024 12:55:01 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.


Windows Defender:
================
Date: 2024-03-02 22:52:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-03-02 14:54:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/AskToolbar&threatid=227072&enterprise=0
Name: PUA:Win32/AskToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_F:\FileHistory\sms\DESKTOP-GDKJL4J\Data\C\Users\sms\Desktop\THISSTUFF!!!\PRODUCT KEYS\INSTALLERS\exes\wpsetup (2021_06_07 00_23_58 UTC).exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.405.913.0, AS: 1.405.913.0, NIS: 1.405.913.0
Engine Version: AM: 1.1.24010.10, NIS: 1.1.24010.10

Date: 2024-03-01 19:02:48
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-03-01 14:33:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUAAdvertising:Win32/LoadMoney&threatid=311918&enterprise=0
Name: PUAAdvertising:Win32/LoadMoney
Severity: Low
Category: Potentially Unwanted Software
Path: file:_F:\CHRISTMAS CARDS 2021\Christmas card list\Avery Wizard 5.0.0.3026.5.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.405.842.0, AS: 1.405.842.0, NIS: 1.405.842.0
Engine Version: AM: 1.1.24010.10, NIS: 1.1.24010.10

Date: 2024-03-01 14:33:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/AskToolbar&threatid=227072&enterprise=0
Name: PUA:Win32/AskToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_F:\FileHistory\sms\DESKTOP-GDKJL4J\Data\C\Users\sms\Desktop\THISSTUFF!!!\PRODUCT KEYS\INSTALLERS\exes\wpsetup (2019_07_26 00_49_01 UTC).exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.405.842.0, AS: 1.405.842.0, NIS: 1.405.842.0
Engine Version: AM: 1.1.24010.10, NIS: 1.1.24010.10
Event[0]:

Date: 2023-12-10 16:36:05
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2023-12-10 16:36:05
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2023-12-10 16:36:05
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2023-12-10 16:33:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-12-10 16:26:42
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2024-03-04 09:50:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.14.212.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.

Date: 2024-03-04 09:41:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.14.212.1\mc-sec-plugin-x86.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.43 07/01/2019
Motherboard: HP 82F2
Processor: Intel® Core™ i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 63%
Total physical RAM: 8071.65 MB
Available physical RAM: 2945.77 MB
Total Virtual: 11066.34 MB
Available Virtual: 4472.48 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:918.95 GB) (Free:147.32 GB) (Model: WDC WD10EZEX-60WN4A0) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.33 GB) (Free:1.19 GB) (Model: WDC WD10EZEX-60WN4A0) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{f50fa4c1-1683-4d3b-b774-598e13ea3a2a}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.39 GB) NTFS
\\?\Volume{8a2f6966-74ca-460e-8957-171be8c481eb}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4BDAAAA2)

Partition: GPT.

==================== End of Addition.txt =======================



#15 dennis_l

  • Malware Response Team
  • 3,141 posts
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted Yesterday, 11:10 AM

Your version of Adobe has not been supported for many years now and therefore has security weaknesses, which will not be patched.
It would be a good idea to look at this asap.
This may not be related to the current detections though.
I'll check through the new logs, to see if anything has changed, and get back with my findings.





