Jump to content

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB


Go to solution Solved by Maurice Naggar,

Recommended Posts

Windows Security keeps posting this virus.  Trojan:HTML/Phish.RA!MTB and won't let me quarantine or remove it.  it doesn't show up on my daily Malwarebytes scan.  

Affected items:

file: C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX

file: C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\Spam

FRST.txt Addition.txt

Link to post
Share on other sites

Hello @DanaG  My name is Maurice. I will guide you to look for actual malware & remove it. 

What follows are what I suggest to do next.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use thuis guide https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  FULL scan .

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

Link to post
Share on other sites

Hello. Next to do 

This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Hi Maurice,  I downloaded ESET Onlinescanner and tried to run it.  it kept saying ESET online scanner has stopped working.  It says a problem caused the program to stop working correctly .  Windows will close the program and notify you if a solution is available.

Link to post
Share on other sites

Hi. That is good to know. Let's now check your system with another ( different ) antivirus scan tool.

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool    http://devbuilds.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

  • How to run a scan with Kaspersky Virus Removal Tool 2020

          https://support.kaspersky.com/15674

  • How to run Kaspersky Virus Removal Tool 2020 in the advanced mode

          https://support.kaspersky.com/15680

  • How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan

          https://support.kaspersky.com/15681

 


Select the  image.png  Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
Thank you
Link to post
Share on other sites

That is good to know. 

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time,

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Link to post
Share on other sites

  • Solution

Hi. No need for report if it was a clean report. This system is looking good so far.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do  checks & some  cleanups. This is really just housekkeping.

We will use FRST64  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  Danag  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. .  It will rebuild the Winsock. 

NOTE-2: It will run a Quick scan with MS Defender antivirus & then get a status list about its overall state. This run will also remove a bumch of "no file" scheduled tasks.

NOTE-3: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera  & BRAVE caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

  •  
  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt           <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRST64    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Link to post
Share on other sites

I sent two files.  These showed up right after the scan.  i will also copy from Notebook.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2022
Ran by Dana (administrator) on DANA-PC (LENOVO 20BX001EUS) (15-04-2022 08:40:20)
Running from C:\Users\Dana\Downloads
Loaded Profiles: Dana
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1645 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Bose Corporation) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTServer.exe
(C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTServer.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\SkypePlugin.exe
(C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe ->) (Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe
(C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCopyAccelerator.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\shtctky.exe
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tpnumlkd.exe
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tposd.exe
(explorer.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\56.0.11.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe
(services.exe ->) (Intel(R) Modem Authenticator -> Intel Mobile Communications) C:\Program Files (x86)\Intel Mobile Communications\ModemAuthenticator\IntelModemAuthenticator.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\SysWOW64\Lenovo\PowerMgr\EasyResume.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\AvrcpService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(services.exe ->) (Sierra Wireless, Inc -> Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2203.4603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(valWbioSyncSvc.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5166872 2016-07-13] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis International GmbH -> Acronis)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\BTServer.exe [230104 2015-07-10] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [54176 2019-12-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382144 2014-03-06] (Acronis International GmbH -> Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis International GmbH -> Acronis)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SoundTouchHelper] => C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe [952832 2018-02-09] () [File not signed]
HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2118 2018-03-28] () [File not signed]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [378280 2022-03-02] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [Amazon Music Helper] => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music Helper.exe [3977704 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [Amazon Music] => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [851880 2022-03-02] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2671608 2022-04-14] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\100.1.37.116\Installer\chrmstp.exe [2022-04-15] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> 
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> 
Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2020-10-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {026843FD-CC0D-4770-8BB8-787CBD190916} - System32\Tasks\{F3FCC309-FA6F-4296-B76B-DAE05C9EC81F} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
Task: {0631C81F-5345-404C-88C0-7CE4EA62C44A} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {0BDA5F60-AB51-47F5-A444-165E05AB98CA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {0CB2C931-A71B-4E04-9834-7E3C0B02606D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {0E97E6C5-0897-4DCF-85C1-971FC51F6B1F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {120BC043-C84E-43F3-8766-C5ACC180787D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {17E9E77D-F28F-42FE-BD6C-143A92126B25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E9E6218-01CD-4EEC-8A93-2F95F7A6D5C0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1e4f7002-5308-4b57-9d37-5a4842034e68 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {1FB7DAE7-56D5-4A36-8BF4-B36F412B12FC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {28852DD2-8F71-4DA4-A1B1-BAF46911EA4D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {29A09521-8ADE-412F-BA28-6305C84005C4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6f79bdd5-82ef-4cf9-b12e-9f27695b7ad1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {2D330DD3-AF2B-45C8-B413-132D9E2711BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-01] (Google Inc -> Google Inc.)
Task: {2DEE644D-28F4-449F-AB21-B07C71C6A2C3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {3070EBE4-F104-437C-AFDE-1612860AFF8C} - System32\Tasks\{2D2166C5-B880-48C8-859C-F2901FDB9AA4} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.0.109/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {3A66B181-DD7B-41BF-8074-7167E1D82486} - System32\Tasks\CCleanerSkipUAC - Dana => C:\Program Files\CCleaner\CCleaner.exe [30836464 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {44CDD5E8-FF8E-4E15-8E71-64E2F1F8E2EC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {464B062B-7A6B-423E-B366-5885B7445A69} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {47CF58C4-9648-4E1B-B43B-E4EF2781DC2F} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {552533A4-804C-41BA-9D76-23B9CC4AE725} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5A110A4C-826D-48EC-9830-439633731974} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BA029F9-D01C-4577-A2A2-882C0D1CAF58} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {64F946DF-B88F-44D1-AA65-8C578918E499} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {65F3FADF-F417-423A-8AFB-3551FDD3A5C4} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6659B3F5-6776-486F-899D-24603EC8B3B8} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [114112 2021-12-03] (Lenovo -> Lenovo)
Task: {680CD3C2-E3A3-43B2-84B5-657CD6D79DFB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6F41B727-F50D-4CC0-B1D0-1EB82177AC7F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {7BCACE3E-72C8-40DE-AC1C-A8F8FE14F554} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {7E290F0A-7947-41C4-BA8F-5BEDAC807FBB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {8AC6D58D-9E53-4C7F-9289-E86B9D9AF239} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {8B2E4E24-AF26-4FDC-829D-4981E0A383EC} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {908E895A-1667-42B2-9367-FCAE82707A78} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {986FA7C0-E3E7-4E8D-9D45-54D8DC63C983} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {996635AA-393E-4AA1-B7C0-0AE28170068B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [121605552 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {9BB4F45A-1EC5-4146-A405-DB881C1151DD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\089115ef-4596-4455-a093-aa1545ec6e68 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9DC0F373-30B7-4CEB-B1CA-5F5CCE31952C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-01] (Google Inc -> Google Inc.)
Task: {A3F6B67C-EF77-42B7-BDF1-784BFA4C7155} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {ACE01B2A-A8E7-4665-B92A-0B39E18DA50A} - System32\Tasks\{34CD5E77-77C4-4031-9C1F-FAB820BE5289} => C:\Windows\system32\pcalua.exe -a D:\Autorun.exe -d D:\
Task: {AFDA29A7-06C4-4ECE-8F42-072668F83BE6} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B1F6636D-6692-46D7-9752-661D5D3A5DD5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17184 2014-09-02] (LENOVO -> Lenovo)
Task: {B767DA16-521D-4855-A46F-26D70E554AE8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-04-07] (Piriform Software Ltd -> Piriform)
Task: {B84A9E2A-BF71-471C-9F3A-C81B49654B4A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {BBC106EF-131A-4C5F-B999-B0B1DAC2827E} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [63936 2021-12-03] (Lenovo -> )
Task: {C13289CD-622C-4A5A-AA0C-C8725E714CB4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {C25EFF14-B098-4FBE-82CB-B715C49CF7A7} - System32\Tasks\{A1468312-B4AB-4A5A-98F0-2A1CDFB94381} => C:\Windows\system32\pcalua.exe -a C:\Users\Dana\AppData\Local\Apps\2.0\VDARROLH.W77\2Q1QEAZP.EV2\lsb...tion_91a10ba61c75c82d_0001.0006_014be6b8b4b27d94\Uninstaller.exe -c "rundll32.exe dfshim.dll,ShArpMaintain LSB.application, Culture=neutral, PublicKeyToken=91a10ba61c75c82d, processorArchitecture=msil"
Task: {C737189A-E61C-4D64-9701-E018A56862FC} - System32\Tasks\{E914218A-0908-4685-8C28-5C76322D1326} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
Task: {C7F15081-3C68-49A1-B458-3B104BF77069} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C91C1C8A-5607-444E-810B-F7CC723F3AF0} - System32\Tasks\{D3B84D8E-AD48-4D63-A7C0-7D28E12BFF5C} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
Task: {CD3B4EB0-6613-447B-8A59-450EE7643463} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF4C2883-F412-4837-9831-B47F442271A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D9355F7E-A13F-4479-A824-B5F754E3D9A1} - System32\Tasks\{64CF980B-ED1B-4D96-973A-45625518518B} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC)
Task: {DC4520C7-F3A0-4BEE-8C46-40090876B85E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {DC935CC3-167F-4CDA-93E6-95A5E0EC62EE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {DD989857-6210-409B-BDD7-95942FAB7565} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E17D5839-8AC9-409F-BB69-37D8C0725764} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {E1C795F2-0FA3-4FBA-B1D3-97D46B785159} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {E274D82F-D66F-499E-8827-9C4CC2AC7065} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {E3D71B02-EC1D-4E43-9647-EA75259D3F0F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {E8878E17-AC7B-451E-9CA1-0BA5FA64A06F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {EC652FAE-7E22-4151-B773-77BB9E47071D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {EEDFBAE2-8457-450F-B98D-091B76E90648} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {F07759B0-5AB8-451C-A3CA-2B8839A799AD} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F096C5FC-6106-416A-8CB6-B09D85BB1772} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {F0EAA5F6-EA62-44AF-AAFB-5CA205F78796} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {F5CE988F-83DF-412E-99AD-9654DCA48CC3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {F8AA458B-3954-4AB3-B9C2-3F0A06847B1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {FF90632D-C85D-493E-91CB-CE0CABD9CBC8} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7b2e3ce9-dffb-41b4-90c3-524ba50c0473}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c0e1da8e-8ad8-4f92-8051-125180f47b75}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c6fdb647-34bc-4f73-b5b0-ad62f3d7d381}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c8350f96-a9f8-4117-86f6-491595b8f12f}: [DhcpNameServer] 76.9.251.1
Tcpip\..\Interfaces\{de81ae96-eaf0-4d5b-9e94-eb658f237786}: [NameServer] 10.83.0.1
Tcpip\..\Interfaces\{e7691b62-bc41-4cf8-b36b-17aea3e4426f}: [DhcpNameServer] 76.9.251.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dana\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-12]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-07]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: h74g8q1m.default-1491247110478-1536710986397
FF ProfilePath: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397 [2022-04-15]
FF Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-06-07] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2022-02-19] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-02-19]
FF Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\rapportext@trusteer.com.xpi [2020-05-15] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Dissenter Extension) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{20dd52e5-90c0-4a51-8b31-e70419c5b126}.xpi [2019-04-02]
FF Extension: (Startpage.com — Private Search Engine) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2021-01-09]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-02-19]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default [2022-04-12]
CHR Extension: (Slides) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-11]
CHR Extension: (Docs) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-14]
CHR Extension: (Google Drive) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-09]
CHR Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2022-04-10]
CHR Extension: (YouTube) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-14]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-10]
CHR Extension: (Sheets) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-10]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-10]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-09]
CHR Extension: (Gmail) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-09]
CHR HKU\S-1-5-21-4034831176-164765369-2251470085-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKU\S-1-5-21-4034831176-164765369-2251470085-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Brave: 
=======
BRA Profile: C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-04-15]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2022-02-16]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-03-24]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-11]
BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-10-10]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-04-14]
BRA Extension: (Brave NTP background images) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-04-12]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-04-14]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-04-15]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-04-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1143720 2013-02-15] (Acronis International GmbH -> Acronis)
R2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3783672 2016-01-01] (Acronis International GmbH -> Acronis)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\AvrcpService.exe [41176 2015-03-02] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\BTDevMgr.exe [120024 2015-07-02] (Realtek Semiconductor Corp -> )
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [829080 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437160 2022-03-02] (EXPRSVPN LLC -> ExpressVPN)
R2 FirmwareUpdaterService; C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe [100080 2017-04-28] (Intel(R) MBIM Toolkit -> )
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe [2351304 2021-12-03] (Lenovo -> Lenovo Group Limited)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S3 MagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [360368 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-03-30] (Malwarebytes Inc -> Malwarebytes)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3002752 2020-02-25] (IBM -> IBM Corp.)
U2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [360368 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [30504 2019-12-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254352 2022-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SwiService; C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe [1543144 2017-04-28] (Sierra Wireless, Inc -> Sierra Wireless, Inc.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7084672 2013-03-26] (Acronis International GmbH -> Acronis)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [3647272 2009-03-26] (Wacom Technology Corp. -> Wacom Technology, Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13353768 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe [465200 2020-12-28] (Lenovo -> Lenovo Group Limited)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [25752 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [117912 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [45640 2022-03-02] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2021-11-08] (Express VPN International Ltd. -> ExpressVPN)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [108832 2016-01-01] (Acronis International GmbH -> Acronis International GmbH)
R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195024 2022-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [158856 2022-04-12] (Malwarebytes Inc -> Malwarebytes)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
S1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [431376 2020-02-25] (IBM -> IBM Corp.)
S1 RapportCerberus_1955065; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1955065.sys [1469776 2020-06-07] (IBM -> IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544592 2020-02-25] (IBM -> IBM Corp.)
S3 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [397248 2020-02-25] (IBM -> IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [447232 2020-02-25] (IBM -> IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562560 2020-02-25] (IBM -> IBM Corp.)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [309752 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [120280 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [44304 2020-04-01] (ExprsVPN LLC -> The OpenVPN Project)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2016-01-01] (Acronis International GmbH -> Acronis International GmbH)
S3 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [183224 2016-01-01] (Acronis International GmbH -> Acronis)
R0 vidsflt; C:\WINDOWS\System32\DRIVERS\vidsflt.sys [130848 2020-04-27] (Acronis International GmbH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-15 08:04 - 2022-04-15 08:04 - 002366464 _____ (Farbar) C:\Users\Dana\Downloads\FRST64 (1).exe
2022-04-14 19:06 - 2022-04-14 19:06 - 000009255 _____ C:\Users\Dana\Downloads\Fixlist (1).txt
2022-04-14 19:04 - 2022-04-14 19:04 - 000009255 _____ C:\Users\Dana\Downloads\Fixlist.txt
2022-04-14 14:15 - 2022-04-14 14:15 - 008551608 _____ (Malwarebytes) C:\Users\Dana\Downloads\adwcleaner.exe
2022-04-14 14:13 - 2022-04-14 14:13 - 008540344 _____ (Malwarebytes) C:\Users\Dana\Downloads\adwcleaner_8.3.1.exe
2022-04-13 21:50 - 2022-04-13 21:50 - 000319176 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_94d46d2ea_klark.sys
2022-04-13 21:44 - 2022-04-13 21:44 - 000299544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\94d46d2e.sys
2022-04-13 21:44 - 2022-04-13 21:44 - 000227664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_94d46d2ea_mark.sys
2022-04-13 21:42 - 2022-04-13 21:49 - 000000000 ____D C:\KVRT2020_Data
2022-04-13 21:25 - 2022-04-13 21:34 - 116320880 _____ (AO Kaspersky Lab) C:\Users\Dana\Downloads\KVRT.exe
2022-04-13 11:15 - 2022-04-13 11:15 - 015274968 _____ (ESET) C:\Users\Dana\Downloads\esetonlinescanner (1).exe
2022-04-13 11:13 - 2022-04-14 14:10 - 000001414 _____ C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-04-13 11:13 - 2022-04-14 14:10 - 000001308 _____ C:\Users\Dana\Desktop\ESET Online Scanner.lnk
2022-04-13 11:13 - 2022-04-13 11:13 - 000000000 ____D C:\Users\Dana\AppData\Local\ESET
2022-04-13 11:10 - 2022-04-13 11:11 - 015274968 _____ (ESET) C:\Users\Dana\Downloads\esetonlinescanner.exe
2022-04-12 22:10 - 2022-04-12 22:10 - 000195024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-04-12 22:10 - 2022-04-12 22:10 - 000158856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-04-12 22:10 - 2022-04-12 22:10 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-04-12 18:32 - 2022-04-12 18:32 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-04-12 18:32 - 2022-04-12 18:32 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-04-12 18:32 - 2022-04-12 18:32 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-04-12 18:31 - 2022-04-12 18:31 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-04-12 18:23 - 2022-04-12 18:23 - 000000000 ___HD C:\$WinREAgent
2022-04-12 12:10 - 2022-04-15 08:12 - 000049200 _____ C:\Users\Dana\Downloads\Addition.txt
2022-04-12 12:06 - 2022-04-15 08:41 - 000051283 _____ C:\Users\Dana\Downloads\FRST.txt
2022-04-12 12:06 - 2022-04-15 08:40 - 000000000 ____D C:\FRST
2022-04-12 12:05 - 2022-04-12 12:05 - 002365952 _____ (Farbar) C:\Users\Dana\Downloads\FRST64.exe
2022-04-06 12:49 - 2022-04-12 19:40 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2022-04-05 09:13 - 2022-03-24 07:54 - 000384584 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3758.sys
2022-04-01 17:31 - 2022-04-01 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2022-04-01 09:25 - 2022-04-01 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2022-03-31 09:26 - 2022-03-31 09:26 - 000000000 ____D C:\WINDOWS\Panther
2022-03-30 15:26 - 2022-03-30 15:26 - 000156490 _____ C:\Users\Dana\Downloads\Lean Enrollment_encrypted_.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-15 08:40 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-15 08:39 - 2016-11-22 09:12 - 000000000 ____D C:\Users\Dana\AppData\LocalLow\Mozilla
2022-04-15 08:33 - 2016-01-01 05:33 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-15 08:15 - 2019-02-04 14:42 - 000000000 ____D C:\ProgramData\Mozilla
2022-04-15 08:14 - 2021-10-10 11:18 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-04-15 08:14 - 2021-10-10 11:18 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2022-04-15 08:06 - 2021-10-10 08:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-04-15 08:06 - 2021-09-25 22:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-04-15 08:06 - 2020-11-03 01:02 - 000004148 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2C0E6ADA-5CA0-4B9E-87F2-D4AD77B1F348}
2022-04-15 08:06 - 2015-12-31 16:50 - 000000000 ____D C:\Program Files\CCleaner
2022-04-15 08:06 - 2015-12-31 16:44 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-15 08:06 - 2015-12-31 16:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-15 08:03 - 2021-10-22 11:15 - 000000000 ___RD C:\Users\Dana\My Drive (stechetto@gmail.com)
2022-04-15 08:03 - 2020-09-27 07:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-15 08:03 - 2018-10-26 18:09 - 000000000 ___RD C:\Users\Dana\Google Drive
2022-04-15 08:03 - 2016-01-01 04:22 - 000000000 ____D C:\Users\Dana\AppData\Roaming\WTablet
2022-04-14 20:01 - 2021-11-08 15:58 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-04-14 20:01 - 2021-11-08 15:58 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-04-14 20:01 - 2020-11-03 01:02 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-04-14 14:38 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-14 14:38 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-14 14:33 - 2016-01-01 05:33 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-14 14:33 - 2016-01-01 05:33 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-14 14:10 - 2016-01-01 01:47 - 000000000 ____D C:\Users\Dana\AppData\Local\CrashDumps
2022-04-13 13:54 - 2020-09-27 07:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-13 13:54 - 2020-09-27 07:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-13 11:05 - 2022-02-04 09:22 - 000000000 ____D C:\Users\Dana\AppData\Roaming\Samsung Magician
2022-04-13 00:18 - 2015-12-31 16:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-04-13 00:14 - 2015-12-31 16:43 - 143823848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-04-12 22:17 - 2020-11-03 01:04 - 000978502 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-12 22:17 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-12 22:14 - 2019-05-02 00:52 - 000000000 ___RD C:\Users\Dana\OneDrive
2022-04-12 22:12 - 2015-12-31 16:10 - 000000000 __SHD C:\Users\Dana\IntelGraphicsProfiles
2022-04-12 22:11 - 2020-11-10 23:14 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-04-12 22:11 - 2016-01-01 15:38 - 000000000 ____D C:\WTablet
2022-04-12 22:10 - 2020-11-10 23:15 - 000000000 ____D C:\ProgramData\Synaptics
2022-04-12 22:10 - 2020-09-27 07:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-12 22:10 - 2020-09-27 07:33 - 000452176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-04-12 22:10 - 2020-09-27 07:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-12 22:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-04-12 22:10 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-04-12 22:10 - 2015-12-31 16:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-04-12 22:10 - 2015-12-31 16:13 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-12 22:09 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-04-12 18:35 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-04-12 12:21 - 2019-11-04 21:21 - 000000000 ____D C:\Users\Dana\AppData\Local\D3DSCache
2022-04-12 11:45 - 2016-01-01 05:21 - 000001927 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2022-04-12 11:45 - 2016-01-01 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2022-04-12 11:45 - 2016-01-01 05:21 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2022-04-12 11:43 - 2021-03-05 20:38 - 000001060 _____ C:\Users\Dana\Desktop\Core FTP LE.lnk
2022-04-12 11:43 - 2016-01-01 17:28 - 000000000 ____D C:\Program Files (x86)\CoreFTP
2022-04-12 11:36 - 2021-08-31 10:38 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2022-04-12 11:36 - 2021-08-31 10:38 - 000000000 ____D C:\Program Files\Recuva
2022-04-11 11:02 - 2021-09-03 20:27 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2022-04-11 11:02 - 2021-09-03 20:27 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2022-04-11 11:02 - 2021-09-03 20:27 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2022-04-11 11:02 - 2021-09-03 20:27 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2022-04-11 10:37 - 2021-12-10 19:44 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4034831176-164765369-2251470085-1000
2022-04-11 10:37 - 2020-11-03 01:02 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-04-11 10:37 - 2020-11-03 01:02 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4034831176-164765369-2251470085-1000
2022-04-11 10:37 - 2020-11-03 00:55 - 000002413 _____ C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-10 09:48 - 2020-09-27 07:36 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-10 09:48 - 2020-09-27 07:36 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-08 08:05 - 2020-09-27 07:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-04-05 23:50 - 2020-08-21 19:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-04-05 08:27 - 2015-12-31 16:25 - 000000000 ____D C:\ProgramData\Lenovo
2022-04-05 08:25 - 2020-11-03 13:15 - 000000000 ____D C:\WINDOWS\TempInst
2022-04-04 11:53 - 2017-01-25 14:47 - 000000000 ____D C:\Users\Dana\AppData\Local\ElevatedDiagnostics
2022-04-01 17:31 - 2020-11-10 22:59 - 000001935 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2022-04-01 17:31 - 2020-11-03 13:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2022-04-01 17:31 - 2015-12-31 16:24 - 000000000 ____D C:\Program Files (x86)\Lenovo
2022-04-01 09:25 - 2020-11-03 01:02 - 000003334 _____ C:\WINDOWS\system32\Tasks\SamsungMagician
2022-03-31 09:25 - 2015-12-31 16:48 - 000000000 ____D C:\Program Files\WinRAR
2022-03-23 21:13 - 2020-08-21 19:11 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-03-23 21:12 - 2020-08-21 19:11 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-03-17 08:27 - 2015-12-31 16:48 - 000000000 ____D C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-17 08:27 - 2015-12-31 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

==================== Files in the root of some directories ========

2020-11-10 23:55 - 2022-04-15 08:03 - 001905434 _____ () C:\Users\Dana\AppData\Local\BTServer.log
2021-08-01 09:56 - 2021-08-01 09:56 - 000000730 _____ () C:\Users\Dana\AppData\Local\recently-used.xbel
2018-09-21 10:04 - 2018-09-21 10:04 - 000007605 _____ () C:\Users\Dana\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

Here's the second one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2022
Ran by Dana (15-04-2022 08:42:06)
Running from C:\Users\Dana\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1645 (X64) (2020-11-03 08:02:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4034831176-164765369-2251470085-500 - Administrator - Disabled)
Dana (S-1-5-21-4034831176-164765369-2251470085-1000 - Administrator - Enabled) => C:\Users\Dana
DefaultAccount (S-1-5-21-4034831176-164765369-2251470085-503 - Limited - Disabled)
Guest (S-1-5-21-4034831176-164765369-2251470085-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4034831176-164765369-2251470085-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4034831176-164765369-2251470085-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20117 - Adobe)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Amazon Music (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Amazon Amazon Music) (Version: 6.0.0.1152 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk SketchBook Pro 2011 sp2 (HKLM-x32\...\{F0B27584-72DD-4CED-A329-57C7F91586C0}) (Version: 5.20.0000 - Autodesk)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 100.1.37.116 - Brave Software Inc)
Brother MFL-Pro Suite (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
Content (HKLM-x32\...\{B369483E-0728-405C-8F8C-3427B263B01F}) (Version: 1.00.0000 - Your Company Name) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version:  - )
Corel Painter 11 - ICA (HKLM-x32\...\{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (HKLM-x32\...\{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}) (Version: 011 - Corel Corporation) Hidden
Corel Painter 11 (HKLM-x32\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version:  - Corel Corporation)
Corel Painter 11 (HKLM-x32\...\{28F8F8F0-C278-454A-9507-46B344AAD188}) (Version: 11.0 - Corel Corporation) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Documentation Manager (HKLM\...\{87CA98A2-FF74-4CBE-81D8-0E9145F4A97C}) (Version: 22.30.0.11 - Intel Corporation) Hidden
EditPad Lite 7.4.0 (HKLM\...\EditPad Lite) (Version: 7.4.0 - Just Great Software)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
ExpressCache (HKLM\...\{F19137D8-2E93-4043-9634-4D44E7EFE889}) (Version: 1.3.118.0 - Condusiv Technologies)
ExpressVPN (HKLM-x32\...\{90e86a49-1129-4c1e-87a0-634efa18d2c6}) (Version: 10.20.0.6 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8770D7837}) (Version: 10.20.0.6 - ExpressVPN) Hidden
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
FileZilla Client 3.59.0 (HKLM-x32\...\FileZilla Client) (Version: 3.59.0 - Tim Kosse)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.10.10 (HKLM\...\GIMP-2_is1) (Version: 2.10.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 56.0.11.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IconHandler 32 bit (HKLM-x32\...\{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}) (Version: 2.0 - Corel Corporation) Hidden
IconHandler 64 bit (HKLM\...\{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}) (Version: 2.0 - Corel Corporation) Hidden
Inkscape 0.92.4 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92.4.0 - Inkscape project)
Intel(R) Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5144 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{b6118eaf-49e9-457a-85dd-0a4a96aa9e93}) (Version: 22.30.0.11 - Intel Corporation) Hidden
Langauge (HKLM-x32\...\{840BF2FE-033D-437C-89D1-AAA206BA13B6}) (Version: 1.00.0000 - Your Company Name) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.23 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0136 - Lenovo)
LINE (HKLM-x32\...\LINE) (Version: 4.3.2.730 - LINE Corporation)
Luminar 4 (HKLM\...\Luminar 4) (Version: 4.2.0.5577 - Skylum)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.39 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\OneDriveSetup.exe) (Version: 22.065.0327.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
ModemAuthenticator (HKLM-x32\...\{30F2BC34-BB35-4722-9CE9-B04849D3C934}) (Version: 1.0.25 - Intel Mobile Communications)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0 (x64 en-US)) (Version: 99.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.6.2 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.8.0 (x64 en-US)) (Version: 91.8.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAPID Mode (HKLM\...\{7B2F4116-7C42-4EB6-9B11-220F0FAA3567}) (Version: 1.0.1.105 - Samsung Electronics Co., Ltd.) Hidden
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1955.62 - Trusteer) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8988.1 - Realtek Semiconductor Corp.) Hidden
REALTEK Bluetooth Profile (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AC}) (Version: 1.0.6.071015 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21290 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.1.0.770 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.36.10970.4674 - Sierra Wireless, Inc.)
Software Upgrade Assistant (HKLM-x32\...\{B33BA940-B460-4F02-BFF3-1DDCE7083726}_is1) (Version: 2.3.8 - Motorola Mobility LLC)
SoundTouch (HKLM-x32\...\{BEF6C302-C29F-4FCA-9FE1-E9A994A40108}) (Version: 18.1.4.2009 - BOSE)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{9C7B6DA0-852C-46DB-8D8C-F8B25C7F1354}) (Version: 4.5.507.0 - Synaptics)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.22.3 - TeamViewer)
TreeSize Free V4.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4 - JAM Software)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1955.62 - Trusteer)
VCarve Desktop 9.5 (HKLM\...\VCarve DesktopV95) (Version: 9.5 - Vectric)
Vectric Shell Extensions 1.2 (HKLM-x32\...\VectricThumbnailShellExt) (Version:  - Vectric)
Virtual Disk Driver (HKLM-x32\...\{6B6137AE-281D-419E-9F40-FFD1B42A740D}) (Version: 1.1.2141 - Acronis)
VTransfer (HKLM\...\VTransfer) (Version: 2.0 - Vectric)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.30-6 - Wacom Technology Corp.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23192 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.17.65.0_x86__kgqvnymyfvs32 [2022-03-31] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.78.2.0_x64__kgqvnymyfvs32 [2022-04-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2240.1.0_x64__kgqvnymyfvs32 [2022-04-06] (king.com)
Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_6.7.9.0_x64__h6adky7gbf63m [2022-03-31] (Gameloft SE)
FarmVille 2: Country Escape -> C:\Program Files\WindowsApps\D52A8D61.FarmVille2CountryEscape_19.7.7670.0_x64__jwbwg6xx0377a [2022-04-07] (Zynga Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8 [2022-02-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-26] (Microsoft Studios) [MS Ad]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-27] (Microsoft Corporation)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.0.30391.0_x64__8wekyb3d8bbwe [2022-02-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-04-06] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2021-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-01-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-04-06] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-07-17] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-10-12 06:15 - 2016-10-12 06:15 - 000848896 _____ () [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2016-06-10 13:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-06-10 13:15 - 2018-01-18 16:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-02-09 17:55 - 2018-02-09 17:55 - 000068608 _____ () [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\zlib1.dll
2018-07-18 14:27 - 2018-07-18 14:27 - 000747520 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-01-01 18:57 - 2005-04-22 14:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2016-01-01 18:57 - 2007-10-26 12:22 - 000602112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccDCtl.dll
2016-01-01 18:57 - 2008-08-05 12:33 - 000172032 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccFCtl.dll
2016-01-01 18:57 - 2007-07-10 12:25 - 005345280 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccimg.dll
2016-01-01 18:57 - 2007-08-06 15:36 - 000110592 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccusa.dll
2016-01-01 18:57 - 2007-01-29 10:59 - 000094208 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrDbgOut.dll
2016-01-01 18:57 - 2008-01-25 21:36 - 000086016 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2016-01-01 18:57 - 2007-01-11 14:07 - 000061440 ____N (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrImgPDF.dll
2016-01-01 18:57 - 2003-06-30 01:00 - 000259584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTDIS12n.dll
2016-01-01 18:57 - 2005-07-05 01:00 - 000131584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTFIL12n.DLL
2016-01-01 18:57 - 2003-06-30 01:00 - 000406016 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTKRN12n.dll
2016-10-12 06:15 - 2016-10-12 06:15 - 025911296 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icudt55.dll
2016-10-12 06:15 - 2016-10-12 06:15 - 001683456 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icuin55.dll
2016-10-12 06:15 - 2016-10-12 06:15 - 001158144 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icuuc55.dll
2016-10-03 13:04 - 2016-10-03 13:04 - 025048064 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icudt56.dll
2016-10-03 13:02 - 2016-10-03 13:02 - 001802240 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icuin56.dll
2016-10-03 12:59 - 2016-10-03 12:59 - 001179648 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icuuc56.dll
2016-10-12 12:15 - 2016-10-12 12:15 - 000038400 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qdds.dll
2016-10-12 12:14 - 2016-10-12 12:14 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qgif.dll
2016-10-12 12:15 - 2016-10-12 12:15 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qicns.dll
2016-10-12 12:14 - 2016-10-12 12:14 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qico.dll
2016-10-12 12:13 - 2016-10-12 12:13 - 000988160 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\platforms\qwindows.dll
2018-02-09 17:55 - 2018-02-09 17:55 - 004144128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Core.dll
2016-10-12 11:46 - 2016-10-12 11:46 - 004868096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Gui.dll
2016-10-12 11:19 - 2016-10-12 11:19 - 000849408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Network.dll
2016-10-12 11:19 - 2016-10-12 11:19 - 000155136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Sql.dll
2016-10-12 12:01 - 2016-10-12 12:01 - 004486656 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Widgets.dll
2016-10-12 11:20 - 2016-10-12 11:20 - 000152576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Xml.dll
2016-10-12 12:07 - 2016-10-12 12:07 - 000686592 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\sqldrivers\qsqlite.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Condusiv Technologies\ExpressCache\
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SketchBook Snapshot.lnk => C:\Windows\pss\SketchBook Snapshot.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: LenovoUtility => "C:\Program Files\Lenovo\LenovoUtility\utility.exe"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\Run: => "Amazon Music Helper"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3775B783-2FFA-4093-B4E6-3F0F432EFE41}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C2C77C22-5C20-4138-900F-8F4F7F57DEFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0056A7F6-6691-4D44-AEC0-04A2532C8BE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D42CFC1D-FED9-4918-84EA-295B13D74EDA}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{56B2B019-C582-4996-98F7-EFE1A801970C}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{8DE0AA2D-09B9-4877-8370-8DA5D9A1DCFA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FF8E8146-AB7C-46A7-B8A6-F400040188B6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{5BFF5746-FE42-46BE-BF97-947658352AC1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis)
FirewallRules: [{85A2858C-FA83-4FA1-AA1C-25E9B8EB37B0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe (Brother Industries Ltd.) [File not signed]
FirewallRules: [{C85818F8-D292-4F87-8BB0-5F84A428A898}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe (Brother Industries Ltd.) [File not signed]
FirewallRules: [{74DC16C1-83ED-47DB-9A9E-37AA7371ADDE}] => (Allow) LPort=54925
FirewallRules: [{F28F845D-CD58-4B6C-BF03-3CA312B8F352}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe (LINE Corporation -> LINE Corporation)
FirewallRules: [{F06E4D28-A691-4C07-9410-2039FF4423D9}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe (LINE Corporation -> LINE Corporation)
FirewallRules: [TCP Query User{71CCB605-7EB3-41BB-BF5A-0D8DC33B25A8}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{EECCCD2A-53DB-43F4-8462-5AD678EA365C}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [TCP Query User{AD9AA2C7-F365-4F40-91AB-9D07FF6A2BAF}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{C514B6CF-D388-4F38-952B-925484D0A15D}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [{1139B84A-D0C3-4325-AEA0-FC3417C0FBC1}] => (Allow) C:\Program Files (x86)\SoundTouch\SoundTouch.exe (Bose Corporation) [File not signed]
FirewallRules: [{9696F84C-E5E5-4F96-A3DD-0BD9AB57AAFC}] => (Allow) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe (Bose Corporation) [File not signed]
FirewallRules: [{DA68F1CE-0529-4ECF-9E5F-B4522ED6D986}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{300D5226-4C39-4451-B7A2-4FFB67E018B3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{ED29899D-D3DB-4602-A77F-9E58265F4DA6}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B5F6D076-A9A7-4E49-A901-DD395CD8685E}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{95B1F257-B4FA-4FE0-94DF-B849DC91276E}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{913D7681-6483-488A-BE9C-3EE9A7F1EA67}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{357A6BFB-8250-41CE-B3E0-8D58D196312E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3821372D-A256-4C32-A1F8-F93C553F85F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{58320F58-81EA-46AB-A90E-FF7A241BF7D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{16123F2F-8DEE-4ADD-84C2-A556BE07E2A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BDFDA149-6F82-4A5A-9601-96C707C663A0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2D384D65-4DD2-4F1A-83E6-558D56B35419}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{17FB87A1-C361-4007-96F4-62497322ED11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0DA8DF78-AC56-4734-B5F9-CE8D4C0C6BC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{93499286-B802-49B0-831C-A979ED16D62F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D18C854F-61A0-4711-B914-FA983026B48F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A40A1F9-D8FE-4D86-A70F-A424F4D46AD6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0F6BB1A5-0ECE-45F9-82CA-352F8D26A735}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{9AF58514-4447-4523-92E4-A8A5203CF9E5}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{1EB9FBAA-E901-4315-B683-7DAF1F886FF6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{43709203-D780-42D7-A1AA-938461AC0577}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/14/2022 02:10:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x33d8
Faulting application start time: 0x01d85043fff8eca0
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 9fa8a3fc-f319-4d45-8c71-247045dead85
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/13/2022 12:25:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x810
Faulting application start time: 0x01d84f6c38a65722
Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 13bb7018-eb95-4a94-8b5c-0a0f61f2fe92
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/13/2022 11:22:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x4240
Faulting application start time: 0x01d84f636e6f1a7a
Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: bb194e6f-9fad-4c05-94cb-98076367d93b
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/13/2022 11:15:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x43c
Faulting application start time: 0x01d84f627bcbe3e3
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 4b778ed9-7f66-4389-98ef-3a8b731d1174
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/13/2022 11:15:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x3100
Faulting application start time: 0x01d84f62714bfde5
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: c900ce54-7fda-4351-a72d-7205e7b02f9b
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/13/2022 11:14:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x26a4
Faulting application start time: 0x01d84f624f2a03cd
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 06d62b3e-979a-4916-9570-6b54c3bc386c
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/13/2022 11:14:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0x39d8
Faulting application start time: 0x01d84f624273f2fe
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 1257a88e-a976-439e-8438-60e65c14ed35
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/13/2022 11:13:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7
Exception code: 0xc0000005
Fault offset: 0x00313278
Faulting process id: 0xdf0
Faulting application start time: 0x01d84f6238b398cd
Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: eaf6992c-cca0-42d1-bee6-6b7ffb971628
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (04/15/2022 08:03:29 AM) (Source: googledrivefs3688) (EventID: 2) (User: )
Description: The driver version of the disk does not match.

Error: (04/15/2022 08:03:26 AM) (Source: googledrivefs3688) (EventID: 2) (User: )
Description: The driver version of the disk does not match.

Error: (04/14/2022 03:00:24 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (04/14/2022 02:13:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error: 
Incorrect function.

Error: (04/13/2022 08:26:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error: 
Incorrect function.

Error: (04/13/2022 02:48:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error: 
Incorrect function.

Error: (04/12/2022 10:14:53 PM) (Source: googledrivefs3688) (EventID: 2) (User: )
Description: The driver version of the disk does not match.

Error: (04/12/2022 10:14:48 PM) (Source: googledrivefs3688) (EventID: 2) (User: )
Description: The driver version of the disk does not match.


Windows Defender:
================
Date: 2022-04-14 14:33:28
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-14 14:33:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-13 21:21:13
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Name: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5

Date: 2022-04-13 21:20:40
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Name: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5

Date: 2022-04-13 21:20:29
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Name: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5

CodeIntegrity:
===============
Date: 2022-04-14 10:16:44
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO JBET73WW (1.37 ) 08/14/2019
Motherboard: LENOVO 20BX001EUS
Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 55%
Total physical RAM: 11984.07 MB
Available physical RAM: 5387.51 MB
Total Virtual: 24272.07 MB
Available Virtual: 16198.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.82 GB) (Free:10.81 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (stechetto@gmail.com - Google ...) (Fixed) (Total:15 GB) (Free:1.93 GB) FAT32
Drive h: (danag@hevanet.com - Google Drive) (Fixed) (Total:15 GB) (Free:10.27 GB) FAT32

\\?\Volume{d3d06843-b093-11e5-9863-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{a1c15582-0000-0000-0000-90fa39000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A1C15582)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=530 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: E9F389AB)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Addition.txt FRST.txt

Link to post
Share on other sites

Lets go real real slow. And with no panic or any sort of freak worry.
Either the FIX run was done or else it was not.
Did you do the Fix run just like I listed before?
If it was completed ....then on this folder C:\Users\Dana\Downloads
there ought to be a report-file-named Fixlog.txt

again, by the way, copying & pasting files does not help. All I am simply trying to see if whether the script run was done & had completed.
That run is very unique and obvious.

Edited by Maurice Naggar
Link to post
Share on other sites

Hi. Bravo. Well done. :D 

I would recommend getting a readout report as to update the status of some key apps.

 

  • and save the tool on the desktop.
  • If Windows's  SmartScreen block that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.

                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Also, let me know How the system is doing at this point.  I believe it is good-to-go  ( after I review this securitycheck report ).

Link to post
Share on other sites

Microsoft .NET Framework 4.7.2 v.4.7.03062   Warning! Download Update

Microsoft Silverlight v.5.1.50918.0   Warning! This software is no longer supported. Please Uninstall

Microsoft Office Professional Plus 2010 v.14.0.7015.1000   Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice

TeamViewer v.15.22.3   Warning! Download Update

TreeSize Free V4.4 v.4.4   Warning! Download Update

GIMP 2.10.10 v.2.10.10   Warning! Download Update

Zoom v.5.9.1 (2581)   Warning! Download Update

QuickTime 7 v.7.78.80.95   Warning! This software is no longer supported. Please uninstall it and use another software.

Adobe AIR v.1.5.2.8870   Warning! Download Update

The use of CCleaner is no longer recommend by the security community since it changes ownership from Piriform.
Instead, use the built-in CLEANMGR that is included with MS Windows.
https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html
 

I believe that this system is good to go. 

:D This is the all clear for this case. This next tool is to cleanup the tools we used during this case. What follows is just a tools cleanup. 

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log may open in Notepad titled kprm-(date).txt.  I do not need it. Just close Notepad if it shows up.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.