
Malware Help

#1 ·
Can someone take a look and see if I have any malware, and look at my computer to see if I have any other problems? Some websites I cannot load, so something is blocking them.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-04-2022 01
Ran by MARK (administrator) on MARK-PC (Dell Inc. XPS 8300) (15-04-2022 08:43:40)
Running from C:\Users\MARK\Desktop\Fix
Loaded Profiles: MARK & UpdatusUser
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\FsPisces.exe
(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(explorer.exe ->) (Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(explorer.exe ->) (MiTAC International Corporation -> MiTAC) C:\Users\MARK\AppData\Roaming\MiTAC Digital Corporation\mgnContentManager\3.0.0.00\mgnContentManager.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Corel Corporation -> ) C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(services.exe ->) (Corel Corporation -> ) C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(services.exe ->) (Dell Inc. -> ) C:\Windows\System32\dlbacoms.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe <3>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe <2>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsorsp64.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulprothoster.exe
(services.exe ->) (GeoComply USA, Inc. -> GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Leawo Software) [File not signed] C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe
(services.exe ->) (Lexmark International, Inc. -> ) C:\Windows\System32\dleacoms.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(services.exe ->) (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [333784 2021-03-31] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\Wondershare\UniConverter 13\WSVCUUpdateHelper.exe (No File)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2022-03-02] (Corel Corporation -> WinZip Computing, S.L.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [145344 2019-07-26] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3146752 2021-12-10] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3590656 2021-10-20] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [35648 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [17600 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [M17A] => C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [77312 2017-10-19] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 3\Common\RoxWatchTray15.exe [295112 2014-09-19] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [377256 2021-11-08] (EXPRSVPN LLC -> ExpressVPN)
HKLM-x32\...\Run: [C17A] => C:\Windows\twain_32\Brimc17a\Common\TwDsUiLaunch.exe (No File)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\Run: [Magellan Update Manager] => C:\Users\MARK\AppData\Roaming\MiTAC Digital Corporation\mgnContentManager\3.0.0.00\mgnContentManager.exe [2705672 2016-01-20] (MiTAC International Corporation -> MiTAC)
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
HKLM\...\Windows x64\Print Processors\Dell AIO Printer A940 Print Processor: C:\Windows\System32\spool\prtprocs\x64\dlbapp6c.dll [116224 2007-02-20] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\Dell V310-V510 Series Print Processor: C:\Windows\System32\spool\prtprocs\x64\dleadrpp.dll [189440 2009-11-04] () [File not signed]
HKLM\...\Print\Monitors\AIO Printer A940 Port: C:\Windows\System32\dlbalmpm.dll [488448 2007-01-30] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\System32\cpwmon64.dll [89008 2016-01-22] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\Dell Network Port: C:\Windows\System32\dlbalmpm.dll [488448 2007-01-30] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\eLectaDocLoader: C:\Windows\system32\spool\DRIVERS\x64\x64v05.dll [394272 2010-07-19] (ELECTA COMMUNICATIONS LTD -> )
HKLM\...\Print\Monitors\EPSON WF-2760 Series 64MonitorBE: C:\Windows\System32\E_YLMBM1E.DLL [180224 2014-03-04] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\V310-V510 Series Port: C:\Windows\System32\dlealmpm.DLL [892416 2009-12-09] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.88\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2022-03-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-04-03]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005DDC6D-49D1-4E0B-9355-53FEA4184DA1} - System32\Tasks\{73AF693E-81A9-4B2B-A107-B18644969FDC} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {05B636A7-74E2-4F79-B3A8-98027E539CA2} - System32\Tasks\{8FDC0B80-7678-41E1-9268-806703BFBA5D} => C:\Windows\system32\pcalua.exe -a "C:\Users\MARK\Desktop\Kelly\FacebookGameroom (2).exe" -d C:\Users\MARK\Desktop\Kelly
Task: {1274F53D-B68C-4317-BD3A-0B3152232A7C} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {162B6947-7090-458B-AF1B-14FCC099EB26} - System32\Tasks\{30AF360E-2FDE-48CF-AEE5-73CED99E0D36} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {16893D80-A7C4-4D00-9202-E1BCEBAF8DC1} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {17195BFF-0EFD-4C3C-BE7C-0DE070599B1D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {1A305002-3E97-4404-B3D5-EC3122B3403B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-24] (Google LLC -> Google LLC)
Task: {1A5EE09C-2008-4618-9E39-C7F6637B2CF9} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {1A942A5C-FE8D-4049-A9D6-8893D90BA979} - System32\Tasks\{2D3028CF-CE03-4AE4-B144-B8BEB566D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (No File)
Task: {1B9B3C78-0F93-4D76-A863-F659B8796B18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {281A7460-642E-40A2-B0E5-A2D2BA0CC5C4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck (No File)
Task: {2A1A57C1-9965-4151-9556-B8E126BF1521} - System32\Tasks\{2AEA0CFB-6DDA-4ACA-9D51-0CE4A91EA61B} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {2DE00C78-BF46-49E7-8C1E-8D19E977FDA5} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {30B01322-69EC-4752-B5F5-5E732FA4A206} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd" (No File)
Task: {3268B6BC-5528-4FB5-A5CC-F1A9064FDBA4} - System32\Tasks\{D5E8CB6B-319E-4F0E-917E-CBAC38E34677} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe (No File)
Task: {38D302D2-0E6B-45A9-8EB5-5A6693DA67ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe /immunize /silent /autoclose (No File)
Task: {3A4C9BB5-147B-47CB-8157-34D11DDF3D1A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A7EAC98-7B48-41A4-8E94-C6A2EFAB8E09} - System32\Tasks\{D573FE2F-4D30-4C7A-84DE-559A093071E5} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {3DE84952-ECFD-482D-B8F2-1268D979F166} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E7BDD09-57DA-4DB1-9148-B886FE76E795} - System32\Tasks\CCleanerSkipUAC - MARK => C:\Program Files\CCleaner\CCleaner.exe [30836464 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3EAC0684-7A3A-457B-BD39-D4753F28E783} - System32\Tasks\{FA304AB9-ADF2-4B10-ADE2-7C1F781DE923} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {40FC8802-9F5A-42F6-B95D-6C0067FCEB69} - System32\Tasks\{27003535-56D0-44FC-AE23-EFC0AAFC1A81} => C:\Program Files\iTunes\iTunes.exe [38766552 2021-03-31] (Apple Inc. -> Apple Inc.)
Task: {4363E49C-BB9B-4F25-94BB-799A8B2514BE} - System32\Tasks\{3306EC2A-D2DB-45CD-AE27-6DE4F51B8840} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {48AC33C1-BCE1-4066-B273-E095B37F39DF} - System32\Tasks\{F37F1CE0-D36E-4A8A-B618-7BF2349475D1} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {4CCEF7E3-0CC7-488D-9226-593999AC0E27} - System32\Tasks\{13F92E3C-232E-4FA8-8FF7-EEAAF6931DD8} => C:\Users\MARK\Downloads\musicmatch10.00.4033.exe (No File)
Task: {4F3B96DC-2F1B-4EE1-9A6D-23F6F7591DE6} - System32\Tasks\{B5B989B7-88B7-4648-93F4-9CC7C6EE1F33} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {50BF9D53-83BC-4D7E-BCB7-F008C9946199} - System32\Tasks\{479B464A-5FCF-410E-AFE0-ED5300A0DDD0} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {514F2686-26D1-42E9-BB1F-0F73B9CD9D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-24] (Google LLC -> Google LLC)
Task: {51E2506D-181C-4B26-8DB7-5832873E1EA6} - System32\Tasks\Total AV Setup => C:\Program Files (x86)\TotalAV\TotalAV.exe --installed (No File)
Task: {525ADD04-55BA-4913-B544-CBC829CDA221} - System32\Tasks\{9FB150E9-5941-4658-BCD0-641ED11803BF} => C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe (No File)
Task: {5A680190-A4AD-4180-B563-FD33F1193045} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {6C1855BB-CB6C-4B53-9530-3270B6823597} - System32\Tasks\{8613CE58-4EC3-4C6F-A0F6-7896C586C02F} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {6C1F26CC-CEF8-4356-B642-B2A7C00FF810} - System32\Tasks\{CFA54DC5-88E4-43F0-AF14-2AB26A5003FB} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {79FC83CE-C89D-4589-9D25-A6C9D5BD8E3B} - System32\Tasks\{56517E75-4E43-4B23-9E54-46EF202ADCD5} => C:\Program Files\Google\Chrome\Application\chrome.exe
Task: {8780C8BE-F54B-47DA-85F9-AFDADD2E4C2C} - System32\Tasks\{7F70CAB2-072C-4D42-AEF6-16B1B69095C7} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (No File)
Task: {89C999AC-8CC3-4BF1-ACEE-BAC49AFACC49} - System32\Tasks\CorelUpdateHelperTask-C5DAEB98D9E7651CFD40CFAF623A045D => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {89D424EF-B00F-410F-B9FA-3C5E78DBD125} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn
Task: {89D424EF-B00F-410F-B9FA-3C5E78DBD125} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {9CF8983E-DD17-4374-9CB9-FAEAAA77A6BA} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files (x86)\Charter Security Suite\fs_hotfix.exe [291992 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
Task: {AFA421D1-D18A-4BC3-9CC5-E3401BB2CF32} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-04-07] (Piriform Software Ltd -> Piriform)
Task: {BBAA77C7-8BE7-43D3-BCF8-7BCBB44FEA48} - System32\Tasks\{0E5FFA70-B7B3-4AD7-AF23-C403A980856A} => C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe (No File)
Task: {D2D16E7C-C7C8-469B-8641-39D3B2AA765C} - System32\Tasks\{9FBCC622-5E88-40F3-834C-A5433AC68952} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {E37689B2-96B1-4A41-9A29-508257785AF9} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe [3191272 2022-01-08] (GeoComply USA, Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {E9F92CB1-A571-4764-8B01-98CBD5A3A7B8} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {FC4664BE-E964-42C1-9890-50E4C2C56B80} - System32\Tasks\{8EDCEDF5-CB08-495E-9AC5-0C3EAD4298F6} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {FD4538BB-0DD4-44AE-8AA1-D74B44A9CADC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BFB6B096-4145-4ED2-A8E0-19EDCA9E0ED4}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F4D55B96-099B-4FAF-8969-C33F96A7E527}: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF DefaultProfile: b8brb095.default-1496939632495-1640217247736
FF ProfilePath: C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\b8brb095.default-1496939632495-1640217247736 [2022-04-15]
FF Extension: (Browsing Protection by F-Secure) - C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\b8brb095.default-1496939632495-1640217247736\Extensions\ols@f-secure.com.xpi [2022-02-22] [UpdateUrl:hxxps://download.sp.f-secure.com/online-safety/updates.json]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-04-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-04-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-05] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-05] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)
FF Plugin HKU\S-1-5-21-2130412082-872510349-2259372935-1000: magellangps.com/mgnContentManager -> C:\Users\MARK\AppData\Roaming\MiTAC Digital Corporation\mgnContentManager\3.0.0.00\npmgnContentManager.dll [2016-01-20] (MiTAC International Corporation -> MiTAC Digital Corp.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default [2022-04-15]
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://websearch.thesearchpage.info/?pid=2457&r=2015/01/16&hid=16875487775573251436&lg=EN&cc=US&unqvl=74"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Drive) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-15]
CHR Extension: (DuckDuckGo) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-04-14]
CHR Extension: (YouTube) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-15]
CHR Extension: (Honey) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-04-14]
CHR Extension: (Google Search) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2021-01-15]
CHR Extension: (Proxy SwitchySharp) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2021-09-19]
CHR Extension: (Session Buddy) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2021-01-15]
CHR Extension: (Camera) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhhnacclhffhdffklopdkcgdhifgngh [2022-02-12]
CHR Extension: (Who Dumped Me?) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgeaeoklapomofpcppeiahpnjadbkim [2021-01-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-14]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2022-04-14]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2021-11-23]
CHR Extension: (Social Video Downloader) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmhdphcfbllelmmdgapkpkhnoonniie [2021-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-15]
CHR Profile: C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-27]
CHR Profile: C:\Users\MARK\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [495816 2016-01-12] (Corel Corporation -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [46432 2017-04-19] (Corel Corporation -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [321536 2021-12-06] (Brother Industries, Ltd.) [File not signed]
R2 CdRomAccessAgentService; C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe [90112 2021-10-31] (Leawo Software) [File not signed]
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-09-27] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 dlba_device; C:\Windows\system32\dlbacoms.exe [567280 2007-03-05] (Dell Inc. -> )
R2 dlba_device; C:\Windows\SysWOW64\dlbacoms.exe [538096 2007-03-05] (Dell Inc. -> )
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-01-07] (Lexmark International, Inc. -> )
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437160 2021-11-08] (EXPRSVPN LLC -> ExpressVPN)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [234648 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [234648 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe [415968 2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe [415968 2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsorsp64.exe [106136 2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulprothoster.exe [415968 2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-15] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [972936 2022-03-31] (McAfee, LLC -> McAfee, LLC)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4490376 2020-09-18] (Logitech Inc -> Logitech)
S3 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77336 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [3141608 2022-01-08] (GeoComply USA, Inc. -> GeoComply)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 3\Common\RoxMediaDB15.exe [1097928 2014-09-19] (Corel Corporation -> Corel Corporation)
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1096424 2014-07-09] (Corel Corporation -> Corel Corporation)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1089536 2019-06-30] (Corel Corporation) [File not signed]
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 3\Common\RoxWatch15.exe [342216 2014-09-19] (Corel Corporation -> Corel Corporation)
S3 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-09-22] (Dell Inc -> SoftThinks SAS)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2022-03-01] (Microsoft) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [19968 2022-03-01] (Microsoft) [File not signed]
S2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [138760 2021-01-14] (ADAPP SASU -> Dokan Project)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [18800 2021-11-08] (ExprsVPN LLC -> )
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulgk.sys [398792 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> LeapFrog)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [51736 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
R2 fsnif2; C:\Program Files (x86)\Charter Security Suite\Ultralight\nif2\1643898281\nif2s64.sys [172480 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
S3 logi_joy_bus_enum; C:\Windows\System32\drivers\logi_joy_bus_enum.sys [37200 2022-02-17] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\System32\drivers\logi_joy_vir_hid.sys [25928 2022-02-17] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\Windows\System32\drivers\logi_joy_xlcore.sys [66896 2022-02-17] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223688 2022-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [195024 2022-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2022-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-04-14] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [147880 2022-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2015-03-25] (iolo technologies, LLC -> EldoS Corporation)
S3 RTLUE8023-W7-64; C:\Windows\System32\DRIVERS\rtu64w7.sys [83016 2013-03-12] (Realtek Semiconductor Corp -> Realtek)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [37032 2016-01-12] (Corel Corporation -> Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [28840 2016-01-12] (Corel Corporation -> Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [36520 2016-01-12] (Corel Corporation -> Corel Corporation)
S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [528256 2007-11-15] (Syntek Semiconductor Ltd. -> Syntek)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2015-03-18] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [36208 2021-10-08] (ExprsVPN LLC -> The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (AnchorFree Inc -> Anchorfree Inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64A.sys [738328 2012-05-04] (Kworld Computer Co., Ltd. -> eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64A.sys [1226136 2012-05-04] (Kworld Computer Co., Ltd. -> eMPIA Technology, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (Microsoft Windows Hardware Compatibility Publisher -> America Online, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare Software Co., Ltd. -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-15 08:41 - 2022-04-15 08:43 - 000000000 ___DC C:\Users\MARK\Desktop\Fix
2022-04-15 08:37 - 2022-04-15 08:45 - 000000000 ____D C:\FRST
2022-04-15 08:24 - 2022-04-15 08:24 - 000223688 ____C (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-04-15 08:24 - 2022-04-15 08:24 - 000195024 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-04-15 08:24 - 2022-04-15 08:24 - 000147880 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-04-15 08:24 - 2022-04-15 08:24 - 000069040 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-04-15 08:21 - 2022-04-15 08:21 - 002443448 ____C (Malwarebytes) C:\Users\MARK\Downloads\MBSetup.exe
2022-04-15 04:28 - 2022-04-15 04:28 - 016757088 ____C (Advanced System Repair, Inc.) C:\Users\MARK\Downloads\Advanced-System-Repair-Pro-RepairTool.UN.exe
2022-04-14 10:45 - 2022-04-14 10:45 - 001343320 ____C (Google LLC) C:\Users\MARK\Downloads\ChromeSetup.exe
2022-04-14 09:56 - 2022-04-14 09:57 - 000267434 ____C C:\Windows\ntbtlog.txt
2022-04-14 09:50 - 2022-04-14 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charter Security Suite
2022-04-14 09:50 - 2022-04-14 09:50 - 000051736 ____C (F-Secure Corporation) C:\Windows\system32\Drivers\fsbts.sys
2022-04-14 09:50 - 2022-04-14 09:50 - 000001979 ____C C:\Users\Public\Desktop\Security Suite.lnk
2022-04-14 09:49 - 2022-04-14 10:30 - 000000000 ___DC C:\Windows\system32\Tasks\F-Secure
2022-04-14 09:49 - 2022-04-14 10:30 - 000000000 ____D C:\Program Files (x86)\Charter Security Suite
2022-04-14 09:49 - 2022-04-14 09:49 - 001664664 ____C (F-Secure Corporation) C:\Users\MARK\Downloads\CharterNetworkInstaller_C-R6DKK-MB86R-BUGN8-X3ZJG-LEUGB_.exe
2022-04-14 09:48 - 2022-04-14 09:48 - 001664664 ____C (F-Secure Corporation) C:\Users\MARK\Downloads\CharterNetworkInstaller_C-R6DKK-MB86R-BUGN8-X3ZJG-GUWFX_.exe
2022-04-14 09:45 - 2022-04-14 09:45 - 001664664 ____C (F-Secure Corporation) C:\Users\MARK\Downloads\CharterNetworkInstaller_C-R6DKK-MB86R-BUGN8-X3ZJG-AZJ7P_.exe
2022-04-14 09:26 - 2022-04-14 10:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-04-14 09:21 - 2022-04-14 09:21 - 000002968 ____C C:\Windows\system32\Tasks\{56517E75-4E43-4B23-9E54-46EF202ADCD5}
2022-04-11 17:12 - 2022-04-11 17:12 - 000002968 ____C C:\Windows\system32\Tasks\{71EF8442-FDBC-498D-A38D-34ABA49D5803}
2022-04-08 12:12 - 2022-04-08 12:12 - 002720981 ____C C:\Users\MARK\Downloads\Hudson_River_Community_CU_Document_update_fo (1).zip
2022-04-08 12:08 - 2022-04-08 12:15 - 000000000 ___DC C:\Users\MARK\Desktop\Car Loan
2022-04-08 12:07 - 2022-04-08 12:07 - 002720587 ____C C:\Users\MARK\Downloads\Hudson_River_Community_CU_Document_update_fo.zip
2022-04-07 19:28 - 2022-04-07 19:28 - 000003372 ____C C:\Users\MARK\Desktop\ipconfig.txt
2022-04-06 18:48 - 2022-04-14 10:30 - 000000000 ____D C:\Users\MARK\AppData\Local\Brother_Industries,_Ltd
2022-04-06 18:16 - 2022-04-06 18:16 - 000000948 ____C C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2022-04-05 20:50 - 2022-04-14 09:00 - 000000000 ___DC C:\Users\MARK\Downloads\testdisk-7.1.win64 (1)
2022-04-04 23:49 - 2022-04-04 23:49 - 000174470 ____C C:\Users\MARK\Downloads\747_ZMD17A6I7517948_1649128883_1649128943.mp4
2022-04-04 15:09 - 2022-04-04 15:40 - 000000000 ___DC C:\Users\MARK\Desktop\Cause
2022-04-03 22:09 - 2022-04-03 22:09 - 000003526 ____C C:\Windows\system32\Tasks\WinZip Update Notifier 2
2022-04-03 22:09 - 2022-04-03 22:09 - 000003524 ____C C:\Windows\system32\Tasks\WinZip Update Notifier 3
2022-04-03 22:08 - 2022-04-14 10:30 - 000000000 ____D C:\Users\MARK\AppData\Local\WinZip
2022-04-03 22:08 - 2022-04-14 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-04-03 22:08 - 2022-04-14 10:30 - 000000000 ____D C:\Program Files\WinZip
2022-04-03 22:08 - 2022-04-03 22:08 - 000003524 ____C C:\Windows\system32\Tasks\WinZip Update Notifier 1
2022-04-03 22:08 - 2022-04-03 22:08 - 000001980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001880 ____C C:\Users\Public\Desktop\WinZip.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Image Manager.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip PDF Express.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001795 ____C C:\Users\Public\Desktop\WinZip Image Manager.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001791 ____C C:\Users\Public\Desktop\WinZip PDF Express.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001791 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Secure Backup.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001779 ____C C:\Users\Public\Desktop\WinZip Secure Backup.lnk
2022-04-03 21:56 - 2022-04-03 21:56 - 070833810 ____C C:\Users\MARK\Desktop\Dynastics-HunterMt-78.zip
2022-03-29 11:49 - 2022-04-15 07:48 - 000003208 ____C C:\Windows\system32\Tasks\GeoComply Service Check
2022-03-22 19:26 - 2022-04-14 10:30 - 000000000 ____D C:\Users\MARK\AppData\Local\inSSIDer
2022-03-22 19:25 - 2022-03-22 19:26 - 033858464 ____C (MetaGeek, LLC) C:\Users\MARK\Downloads\inSSIDerSetup.exe
2022-03-22 19:07 - 2022-04-14 10:30 - 000000000 ____D C:\Users\MARK\AppData\Local\MetaGeek
2022-03-22 19:07 - 2022-03-22 19:30 - 000000000 ___DC C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2022-03-22 19:06 - 2022-03-22 19:26 - 000000000 ____D C:\Users\MARK\AppData\Local\SquirrelTemp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-15 08:44 - 2022-02-08 21:56 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-15 08:43 - 2016-12-04 15:38 - 000000000 ____D C:\Users\MARK\AppData\LocalLow\Mozilla
2022-04-15 08:24 - 2020-07-03 10:45 - 000001922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-04-15 08:24 - 2020-07-03 10:45 - 000001910 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2022-04-15 08:22 - 2009-07-14 00:45 - 000031872 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-04-15 08:22 - 2009-07-14 00:45 - 000031872 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-04-15 08:21 - 2018-11-18 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
2022-04-15 08:21 - 2015-04-03 14:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-04-15 08:14 - 2021-06-20 18:26 - 000000000 ____D C:\Program Files\CCleaner
2022-04-15 08:14 - 2014-04-18 18:49 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-15 08:11 - 2011-12-23 04:18 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-15 08:11 - 2009-07-14 01:08 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2022-04-15 07:39 - 2018-10-15 21:28 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2022-04-15 04:35 - 2009-07-13 23:20 - 000000000 ___DC C:\Windows\system32\NDF
2022-04-15 03:08 - 2013-11-08 19:17 - 000000000 ___DC C:\Windows\system32\MRT
2022-04-15 03:01 - 2012-01-21 04:00 - 143823848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-04-14 15:02 - 2012-11-21 13:09 - 000000000 ____D C:\ProgramData\Package Cache
2022-04-14 15:01 - 2021-11-29 20:30 - 000000000 ____D C:\Program Files\dotnet
2022-04-14 10:48 - 2020-10-24 20:04 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-14 10:30 - 2022-01-30 20:55 - 000000000 ___DC C:\Windows\system32\Tasks\Mozilla
2022-04-14 10:30 - 2021-12-22 19:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-14 10:30 - 2021-11-16 16:44 - 000000000 ____D C:\ProgramData\Protexis64
2022-04-14 10:30 - 2021-10-30 14:42 - 000000000 ____D C:\ProgramData\WinZip
2022-04-14 10:30 - 2021-08-05 16:02 - 000000000 ___DC C:\Users\MARK\Desktop\Lawyer
2022-04-14 10:30 - 2018-10-15 21:21 - 000000000 ____D C:\Program Files (x86)\Browny02
2022-04-14 10:30 - 2018-10-15 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2022-04-14 10:30 - 2018-10-15 21:15 - 000000000 ____D C:\ProgramData\Brother
2022-04-14 10:30 - 2018-10-15 21:13 - 000000000 ____D C:\Program Files (x86)\Brother
2022-04-14 10:30 - 2016-09-10 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-04-14 10:30 - 2013-05-09 12:38 - 000000000 ____D C:\Users\MARK\AppData\Local\Corel_Corporation
2022-04-14 10:30 - 2012-01-23 20:34 - 000000000 ___DC C:\Users\MARK\AppData\Roaming\Audacity
2022-04-14 10:30 - 2009-07-13 23:20 - 000000000 ___DC C:\Windows\registration
2022-04-14 10:30 - 2009-07-13 23:20 - 000000000 ___DC C:\Windows\inf
2022-04-14 10:08 - 2009-07-14 01:13 - 000782470 ____C C:\Windows\system32\PerfStringBackup.INI
2022-04-14 10:04 - 2021-07-19 00:11 - 000248992 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-04-14 09:59 - 2012-01-20 18:08 - 000000000 ____D C:\Users\MARK\AppData\Local\ElevatedDiagnostics
2022-04-14 09:50 - 2020-12-20 20:37 - 000000000 ____D C:\ProgramData\F-Secure
2022-04-14 09:28 - 2021-11-16 23:51 - 000003870 ____C C:\Windows\system32\Tasks\CCleaner Update
2022-04-14 09:26 - 2021-11-16 16:45 - 000003132 ____C C:\Windows\system32\Tasks\CorelUpdateHelperTask-C5DAEB98D9E7651CFD40CFAF623A045D
2022-04-14 09:22 - 2017-05-06 19:29 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-04-14 09:20 - 2012-03-20 13:42 - 000000000 ____D C:\Program Files (x86)\Java
2022-04-14 09:19 - 2017-03-06 21:25 - 000165600 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2022-04-14 09:12 - 2011-12-31 15:44 - 000000000 ____D C:\Users\MARK
2022-04-14 09:11 - 2021-10-28 12:52 - 000000000 ____D C:\Users\UpdatusUser
2022-04-14 09:06 - 2016-03-12 16:25 - 000000000 ____D C:\Users\Administrator
2022-04-14 08:56 - 2020-10-24 18:36 - 000000000 ____D C:\Program Files\Google
2022-04-11 20:03 - 2018-06-12 14:04 - 000002163 ____C C:\Users\MARK\Desktop\Google Chrome.lnk
2022-04-10 20:32 - 2021-10-18 23:32 - 000000000 ___DC C:\Users\MARK\Desktop\NEW JOB
2022-04-07 00:49 - 2022-03-13 12:48 - 000000000 ___DC C:\Users\MARK\Desktop\AAA HRCCU Car Loan
2022-04-07 00:10 - 2018-10-15 21:21 - 000002050 ____C C:\Users\Public\Desktop\Brother Creative Center.lnk
2022-04-06 18:48 - 2018-10-15 23:52 - 000000000 ___DC C:\Users\MARK\AppData\Roaming\Brother
2022-04-06 18:24 - 2009-07-14 01:32 - 000000000 ___DC C:\Windows\system32\FxsTmp
2022-04-05 22:25 - 2021-12-12 23:53 - 000003380 ____C C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-05 22:25 - 2021-12-12 23:53 - 000003252 ____C C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-29 20:41 - 2015-06-15 18:09 - 000000000 ___DC C:\Users\MARK\Desktop\CB
2022-03-23 23:16 - 2021-03-24 19:10 - 000000000 ___DC C:\Users\MARK\Documents\Easy VHS to DVD Projects

==================== Files in the root of some directories ========

2013-04-29 18:57 - 2013-04-29 18:59 - 000308064 _____ () C:\Users\MARK\AppData\Roaming\CodecsLE_Install.log
2017-08-04 20:04 - 2017-08-04 20:04 - 000000445 _____ () C:\Users\MARK\AppData\Roaming\com.cloudapp.windows.plist
2016-03-13 00:48 - 2021-11-04 15:33 - 000099384 _____ () C:\Users\MARK\AppData\Roaming\inst.exe
2013-11-21 13:22 - 2021-11-04 15:33 - 000007859 _____ () C:\Users\MARK\AppData\Roaming\pcouffin.cat
2013-11-21 13:22 - 2021-11-04 15:33 - 000001167 _____ () C:\Users\MARK\AppData\Roaming\pcouffin.inf
2013-11-21 13:22 - 2021-11-04 15:33 - 000000055 _____ () C:\Users\MARK\AppData\Roaming\pcouffin.log
2013-11-21 13:22 - 2021-11-04 15:33 - 000082816 _____ (VSO Software) C:\Users\MARK\AppData\Roaming\pcouffin.sys
2015-03-21 20:25 - 2015-03-22 13:03 - 000001181 _____ () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.1.txt
2015-03-21 20:25 - 2015-03-21 20:25 - 000001181 _____ () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.2.txt
2015-03-21 20:25 - 2015-03-22 13:09 - 000000919 _____ () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.txt
2015-03-21 20:25 - 2015-03-22 13:09 - 000000000 _____ () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-02-25 16:24 - 2016-08-03 02:41 - 000007601 _____ () C:\Users\MARK\AppData\Local\resmon.resmoncfg
2013-05-16 15:25 - 2022-02-22 00:59 - 004224000 _____ () C:\Users\MARK\AppData\Local\rx_audio.Cache
2013-02-22 20:31 - 2022-02-22 00:59 - 082116608 _____ () C:\Users\MARK\AppData\Local\rx_image32.Cache
2015-03-15 11:04 - 2015-03-15 11:04 - 000000402 _____ () C:\Users\MARK\AppData\Local\Temp-log.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2022-04-07 14:06
==================== End of FRST.txt ========================
 
#2 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2022 01
Ran by MARK (15-04-2022 08:48:29)
Running from C:\Users\MARK\Desktop\Fix
Microsoft Windows 7 Home Premium Service Pack 1 (X64) (2011-12-31 19:44:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2130412082-872510349-2259372935-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2130412082-872510349-2259372935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2130412082-872510349-2259372935-1002 - Limited - Enabled)
MARK (S-1-5-21-2130412082-872510349-2259372935-1000 - Administrator - Enabled) => C:\Users\MARK
UpdatusUser (S-1-5-21-2130412082-872510349-2259372935-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Security Suite by F-Secure (Enabled - Up to date) {67E93A7F-FDB2-39E8-E991-EA71E0926EF7}
AS: Security Suite by F-Secure (Enabled - Up to date) {DC88DB9B-DB88-3666-D321-D1039B15244A}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{11CAD2D3-0918-4C25-ADEA-6A2E2D8224D2}) (Version: 4.15.1.4190 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{52c19095-d66a-43cc-a45a-ee9434df7074}) (Version: 4.15.1.4190 - Open Media LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{FD52A2FF-4D16-49C4-A2CD-DAC752C18BA2}) (Version: 8.0 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9B061D60-4E2C-4987-BFFD-423E3D477660}) (Version: 8.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
Audacity 3.1.3 (64-bit) (HKLM\...\Audacity_is1) (Version: 3.1.3 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother BRAdmin Light 1.33.0000 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.33.0000 - Brother)
Brother iPrint&Scan (HKLM-x32\...\{46bd4d64-821c-40ef-adac-eeef66e8e43f}) (Version: 10.2.0.96 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{7D80A799-A240-42F6-8DDD-A901B3EEA1CF}) (Version: 10.2.0.96 - Brother Industries, Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{C368A17B-6063-4F7A-AE96-76F9DC48C9DF}) (Version: 1.0.5.1 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{EEA8DF77-9D7E-421A-A9A8-A6E9894A18A3}) (Version: 1.0.3.3 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{815D4CF3-0244-4142-98F8-51E5C7442DB7}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{01A1E3D8-E030-4A0B-B91E-4E1E8E1E02D3}) (Version: 1.0.23.1 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Contents (HKLM-x32\...\{C8A4DA60-6A94-4627-B7C9-DB6223D531FE}) (Version: 1.0.0.146 - Corel Corporation) Hidden
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Corel AfterShot 3 - ICA x64 (HKLM\...\{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM Content x64 (HKLM\...\{3E064BED-C9D8-4BEF-A2EE-8D67E99C3932}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM x64 (HKLM\...\{5059B47C-4D7B-46E9-9D7A-1E2FCF5DDBED}) (Version: 3.0.0.148 - Corel Corporation) Hidden
Corel AfterShot 3(64-bit) (HKLM\...\_{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.0.0.148 - Corel Corporation)
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.146 - Corel Corporation)
Creator NXT 3 Content (HKLM-x32\...\{246D31A0-7B8A-41EA-8E31-33C2F2F26B53}) (Version: 16.0.004 - Roxio) Hidden
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell Resource CD (HKLM-x32\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B2}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 8.3 - DiskInternals Research)
Dokan Library 1.4.1.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0001-210114105723}) (Version: 1.4.1.1000 - Dokany Project) Hidden
Dokan Library 1.4.1.1000 Bundle (HKLM-x32\...\{9af3b5e1-ed1b-48df-a34f-22fa6bcc4b04}) (Version: 1.4.1.1000 - Dokany Project)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
EaseUS Tool M 1.0 (HKLM-x32\...\D72C2F7D-B75E-4641-AFBE-199B95066617_is1) (Version: - EaseUS)
ExpressVPN (HKLM-x32\...\{367236cf-79aa-49c6-9982-8bd5637442ac}) (Version: 10.11.0.13 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8767D783E}) (Version: 10.11.0.13 - ExpressVPN) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Graboid Video 3.89 (HKLM-x32\...\Graboid Video) (Version: 3.89 - Graboid Inc.)
HandBrake 1.4.2 (HKLM-x32\...\HandBrake) (Version: 1.4.2 - )
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HttpToUsbBridge (HKLM-x32\...\{6FF1DBC1-A313-460D-B1F2-6444D2F01DEE}) (Version: 2.0.18.1 - Brother Industries Ltd.)
ICA (HKLM-x32\...\{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.146 - Corel Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
IPM_Common_x64 (HKLM\...\{B8C05FFE-C36F-4F17-AD20-739E4BC65AC9}) (Version: 2.14.626 - Your Company Name) Hidden
IPM_VS_Pro (HKLM-x32\...\{126FB9B0-85B6-476A-AF26-BE008D8DFC53}) (Version: 1.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{E6FF3475-A35E-481F-8A8E-3D73CF3A30A1}) (Version: 12.10.11.2 - Apple Inc.)
Java 8 Update 321 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
LabelCreator (HKLM-x32\...\{B8C23400-237A-40F2-854C-9846DF568075}) (Version: 1.00.0000 - Corel Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.12.8.0 - Logitech Europe S.A.)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Mega Solitaire (HKLM-x32\...\Mega Solitaire) (Version: - )
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.39 - Microsoft Corporation)
Microsoft Excel 97 (HKLM-x32\...\Excel) (Version: - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook 97 (HKLM-x32\...\Outlook) (Version: - )
Microsoft SkyDrive (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM-x32\...\{c34fb08d-bd27-4d0b-a7bc-f7d5359f9518}) (Version: 5.0.16.31121 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Nuance PaperPort 14 (HKLM-x32\...\{6CC9391F-D441-4D2E-9ECC-1F7084C733ED}) (Version: 14.5.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer SE (HKLM-x32\...\{7BAC9170-359D-4EAD-B6E4-238A14940C11}) (Version: 7.20.3230 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.3 - OBS Project)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 3.1.1.3 - GeoComply)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealProducer Plus 8.5 (HKLM-x32\...\RealProducer 8.5) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator NXT 3 (HKLM-x32\...\{7B4B9450-39C8-454A-AA2D-6548EE4D21EB}) (Version: 16.0.45.9 - Roxio)
Roxio Creator NXT 3 Content (HKLM-x32\...\{2DF5BF6E-D32C-4B81-9012-F62B58AFF819}) (Version: 1.0.4.0 - Roxio)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Easy VHS to DVD Plus (HKLM-x32\...\{532D3949-121B-43C1-8C29-783683525F1B}) (Version: 4.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Roxio Game Capture HD PRO (HKLM-x32\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 2.0 - Roxio)
Roxio MyDVD (HKLM\...\{8E67EEF1-B9D0-42D0-B259-72EF1D4BE4E4}) (Version: 3.0.114.0 - Corel Corporation) Hidden
Roxio MyDVD (HKLM-x32\...\{2AB256B6-DD96-4982-AD46-5DC7B20BA7EF}) (Version: 3.0 - Corel)
Roxio Virtual Drive x64 (HKLM\...\{632DCE79-2711-4B07-BB89-DA763E96840C}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Security Suite (HKLM-x32\...\{235B3536-A54E-4072-905F-FEFC431CEB2C}) (Version: 18.2 - F-Secure Corporation)
Setup (HKLM-x32\...\{F2BACD4C-71F0-487C-AC11-247833494E52}) (Version: 1.0.0.146 - Corel Corporation) Hidden
Share (HKLM-x32\...\{4AA35E5E-F12E-4CC9-92CD-049AF647841B}) (Version: 1.0.0.146 - Corel Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmartGPS Eco (HKLM-x32\...\{F0DF2A34-80D0-477C-8718-7E665341FA55}) (Version: 3.0.0.00 - MiTAC Digital Corp.)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SoftwareUpdateNotification (HKLM-x32\...\{013A706A-C8FA-4F56-8641-B8C792BB3CEE}) (Version: 1.0.18.0 - Brother Industries, Ltd.) Hidden
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpyroPortalDriver (HKLM\...\{B2913230-094D-4F41-9EEF-CE9571C450D8}) (Version: 1.0.0 - FS)
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Roku Channel (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\2b3d5ba84e9607495327652aa211a3af) (Version: 1.0 - Google\Chrome)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
USB2.0 ATV (HKLM-x32\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)
USB2.0 ATV (HKLM-x32\...\USB2.0 ATV) (Version: - )
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony)
VirtualDJ Home FREE (HKLM-x32\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
VSClassic (HKLM-x32\...\{3342D238-E332-43BB-B406-C6EE82273708}) (Version: 1.0.0.146 - Corel Corporation) Hidden
VSO ConvertXtoHD 3 (HKLM-x32\...\{57ED9A08-896E-4FD1-A5D8-651D0790DA5A}_is1) (Version: 3.0.0.71 - VSO Software)
VSPro (HKLM-x32\...\{6AA550DB-4863-44C7-863F-4F4C7D13649F}) (Version: 1.0.0.146 - Corel Corporation) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.691 - McAfee, LLC)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 26.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}) (Version: 26.0.15033 - Corel Corporation)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare Streaming Audio Recorder(Build 2.0.2.3) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.0.2.3 - Wondershare Software Co.,Ltd.)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zoom (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 3\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation -> Corel Corporation)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\MARK\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\MARK\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{ea49acd6-0f0e-5ff1-89c4-30eda3d53b62}\InprocServer32 -> C:\Users\MARK\AppData\Roaming\MiTAC Digital Corporation\mgnContentManager\3.0.0.00\npmgnContentManager64.dll (MiTAC International Corporation -> MiTAC Digital Corp.)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\MARK\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\MARK\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\Charter Security Suite\FsShellExtension64.dll [2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2012-07-05] (Corel Corporation -> )
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-08-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers1_S-1-5-21-2130412082-872510349-2259372935-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers2_S-1-5-21-2130412082-872510349-2259372935-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers6_S-1-5-21-2130412082-872510349-2259372935-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation -> Corel Corporation)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\pdvcodec.dll [265797 2010-03-12] (Matsushita Electric Industrial Co., Ltd.) [File not signed]
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-13] (Microsoft Windows -> Intel Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\MARK\Desktop\Gab Social.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=neielcniaeobgbeebfdmpmcoefchbipl
ShortcutWithArgument: C:\Users\MARK\Desktop\The Roku Channel.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=igmabefcbafcdmlnijleipocglddpnbn
ShortcutWithArgument: C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Camera.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hfhhnacclhffhdffklopdkcgdhifgngh
ShortcutWithArgument: C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gab Social.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=neielcniaeobgbeebfdmpmcoefchbipl
ShortcutWithArgument: C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\The Roku Channel.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=igmabefcbafcdmlnijleipocglddpnbn

==================== Loaded Modules (Whitelisted) =============

2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 ____C () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-03-22 17:21 - 2021-12-06 11:05 - 000542720 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2021-10-28 17:12 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2021-10-28 17:12 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-04-05 09:53 - 2019-07-26 09:53 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2017-01-27 15:39 - 2017-08-18 12:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2017-01-27 15:39 - 2017-08-18 12:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2017-01-27 15:33 - 2018-04-27 10:16 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2017-04-05 09:53 - 2019-07-26 09:54 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2018-10-15 21:47 - 2005-04-22 13:36 - 000143360 ____C () [File not signed] C:\Windows\system32\BrSNMP64.dll
2009-12-09 11:24 - 2009-12-09 16:24 - 001371648 _____ () [File not signed] C:\Windows\System32\dleacomc.dll
2009-12-09 11:24 - 2009-12-09 16:24 - 000892416 _____ () [File not signed] C:\Windows\System32\dlealmpm.DLL
2011-12-31 15:54 - 2009-11-04 09:18 - 000189440 _____ () [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2012-12-05 12:29 - 2012-12-05 12:29 - 004883456 ____C (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\BCGCBPRO1100u100.dll
2012-12-05 12:29 - 2012-12-05 12:29 - 000036864 ____C (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2016-04-12 11:07 - 2016-04-12 11:07 - 000067584 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\AppLogLib\BrBFLogI.dll
2018-10-15 21:47 - 2016-11-01 11:27 - 000090112 ____C (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2016-09-29 19:59 - 2014-03-04 15:06 - 000180224 ____C (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMBM1E.DLL
2021-10-28 17:12 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2130412082-872510349-2259372935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\browser\fs_ie_https\fs_ie_https64.dll [2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-03-31] (McAfee, LLC -> McAfee, LLC)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\browser\fs_ie_https\fs_ie_https.dll [2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation -> Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\ssv.dll [2022-04-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-03-31] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-04-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\dell.com -> dell.com

There are 7716 more sites.

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-12-19 21:18 - 2021-12-19 21:18 - 000000355 ____C C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2130412082-872510349-2259372935-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MARK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MARK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MARK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.8.2\AOL.EXE" -b
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: dlbamon.exe => "C:\Program Files (x86)\Dell AIO Printer A940\dlbamon.exe"
MSCONFIG\startupreg: EaseUS FixTool => "C:\Program Files (x86)\EaseUS\EaseUS Tool M\bin\EaseUS Tool M.exe" autostart
MSCONFIG\startupreg: EasyHideIPVPN => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\MARK\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1429832463\ee\AOLSoftware.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: ICF => "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => c:\program files (x86)\real\RealDownloader\downloader2.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A3E79D60-D78C-4908-A19F-A9198A72A1E3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4330BC75-0C59-4E97-97B4-66F6372307B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F14FD71F-DB73-4A73-ABBD-8684304BC899}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2E46833-6F90-4EFE-9D36-4B9C004BE1AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E8618A21-5A22-420D-B01B-E30098310878}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{CAE93EB0-B764-496E-928D-7A3BB74D5761}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8C1B05D4-CFF0-43AE-89D7-9B6FE38615F7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A177CACD-4DC6-47ED-8343-52F5089A69A5}] => (Allow) C:\Users\MARK\Desktop\House Photos During\Install\wlan_wiz\.\wlan_assistant\waw.exe () [File not signed]
FirewallRules: [{C08CB953-F2EC-4E4D-9032-03D8282F5E85}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Light\BRAdmLight.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{4F5DCDED-CFDC-4018-BCC6-31EEE56B9AAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [{5360BFF1-C6E7-43E2-9CB3-62E66F60716A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2936D7D4-F31C-44CD-9CAE-16732B6F2F3E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{29BF7702-1853-4466-9461-8A477E4BCB0A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1BCDD31-FF4E-4D67-B5C7-0057F0748FCE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8970A003-C233-4194-B28D-E5DD0B7649B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{222C5692-F1FD-4527-A636-7007A304FEF8}] => (Allow) C:\Users\MARK\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{04774071-2440-437D-AA33-C46D222F0144}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9EE12BFE-8B8C-421A-8CA1-CF41F66D03E2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E794508D-4817-40D9-9313-608A91660A5E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C53AF4D5-617D-45DA-B8A7-5D1FE40AF12A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E994C680-63E1-4F6D-9C4B-8E82BC6EECA8}] => (Allow) C:\Users\MARK\Desktop\Lawyer\Y17C_C1_ULWL_PP-usa-inst-G1\wlan_wiz\.\wlan_assistant\waw.exe () [File not signed]
FirewallRules: [TCP Query User{B1E056EA-C5CA-40AC-875E-73D786E0863A}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => No File
FirewallRules: [UDP Query User{5B93C053-363A-4B87-BC4D-667C6500EBE8}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => No File
FirewallRules: [{4A9449A9-6230-4E34-B3E3-DCB5763212B9}] => (Allow) C:\Users\MARK\Desktop\Lawyer\reiboot.exe => No File
FirewallRules: [{47EA3372-5167-4A3C-A922-AE53DE45A7F9}] => (Allow) C:\Users\MARK\Desktop\Lawyer\reiboot.exe => No File
FirewallRules: [{CC878409-04B4-48E3-B998-84DE92175702}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{0A1F7194-D2DE-43AD-ADA8-977C56C7FD90}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{C2EA2CFA-D9C2-4BFC-A59A-9D8A35B54A50}] => (Allow) LPort=80
FirewallRules: [{A78809AB-5788-410B-BB6D-F4DDC5E89383}] => (Allow) LPort=54950
FirewallRules: [{2BCDA72F-7DFE-444E-AF02-BB9D0A2AC5E5}] => (Allow) LPort=54955
FirewallRules: [{5AF9FA8B-383C-4E5C-BB4F-0ABCE83B9719}] => (Allow) C:\Users\MARK\Desktop\NEW JOB\Install\wlan_wiz\.\wlan_assistant\waw.exe () [File not signed]
FirewallRules: [{6529073D-05FF-4BBB-BF95-3188C293D364}] => (Allow) C:\Users\MARK\Desktop\NEW JOB\Install\wlan_wiz\.\wlan_assistant\waw.exe () [File not signed]
FirewallRules: [{95B3F25B-38B7-4466-9237-15BCF1B9D2FD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B11778F-3E30-4692-B564-D565C68FE951}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

23-03-2022 15:05:05 Scheduled Checkpoint
31-03-2022 01:33:49 Scheduled Checkpoint
03-04-2022 22:04:40 Installed WinZip 26.0.
06-04-2022 18:12:29 Brother iPrint&Scan
11-04-2022 13:47:17 Restore Operation
11-04-2022 16:58:42 Windows Update
13-04-2022 00:06:19 Windows Update
13-04-2022 11:50:35 Windows Update
13-04-2022 12:12:15 Windows Update
14-04-2022 00:34:19 Restore Operation
14-04-2022 03:00:12 Windows Update
14-04-2022 08:46:09 Restore Operation
14-04-2022 09:47:04 Removed Security Suite
14-04-2022 10:17:45 Restore Operation
14-04-2022 14:54:05 Windows Update
15-04-2022 03:00:35 Windows Update

==================== Faulty Device Manager Devices ============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (04/15/2022 08:13:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/15/2022 08:11:45 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (04/15/2022 08:11:45 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (04/15/2022 08:11:45 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (04/15/2022 08:11:45 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (04/15/2022 08:11:45 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 127.0.0.1

Error: (04/15/2022 08:11:45 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: ::1

Error: (04/15/2022 08:11:45 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2

System errors:
=============
Error: (04/15/2022 08:51:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (04/15/2022 08:47:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/15/2022 08:47:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/15/2022 08:45:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/15/2022 08:45:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/15/2022 08:45:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/15/2022 08:45:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/15/2022 08:42:44 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MARK-PC :0" could not be registered on the interface with IP address 192.168.1.54.
The computer with the IP address 192.168.1.45 did not allow the name to be claimed by
this computer.

Windows Defender:
================
Date: 2012-12-06 12:38:35.266
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Event[0]:

Date: 2017-07-10 23:19:38.373
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2016-09-29 11:39:42.279
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2013-04-10 17:02:44.289
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2013-04-07 15:20:31.801
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2013-04-03 21:06:50.287
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

==================== Memory info ===========================

BIOS: Dell Inc. A06 10/17/2011
Motherboard: Dell Inc. 0Y2MRG
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 14318.45 MB
Available physical RAM: 9071.41 MB
Total Virtual: 28635.04 MB
Available Virtual: 23046.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:114.55 GB) NTFS

\\?\Volume{7c551ac4-2d3e-11e1-bf29-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.25 GB) (Free:2.57 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AC289F96)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
#5 ·
Hello.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and let me know if you consent to them all. As soon as I have your approval, I'll start the cleaning procedure.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
#7 ·
OK.

Please, first make sure to move the FRST tool onto your Desktop.

Here are my first comments/instructions:

1. Flash Player

This product reached its end of life in January 2021. Keeping it on your computer is a security risk.

Thus, I recommend you to uninstall the following:

Adobe Flash Player 32 NPAPI
Adobe Flash Player 32 PPAPI

2. Java

There are very few reasons these days to continue having Java installed on your computer.

If you don't need Java at all, uninstall the following:

Java 8 Update 321

3. Antivirus

You have WebAdvisor by McAfee, plus the F-Secure products. While theoretically you can have both, only one must have real-time protection function. Have in mind that installing more than one of those programs may conflict with each other and cause the following:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
My recommendation:

Uninstall WebAdvisor by McAfee.

4. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: ICF => "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{4F5DCDED-CFDC-4018-BCC6-31EEE56B9AAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [TCP Query User{B1E056EA-C5CA-40AC-875E-73D786E0863A}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => No File
FirewallRules: [UDP Query User{5B93C053-363A-4B87-BC4D-667C6500EBE8}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => No File
FirewallRules: [{4A9449A9-6230-4E34-B3E3-DCB5763212B9}] => (Allow) C:\Users\MARK\Desktop\Lawyer\reiboot.exe => No File
FirewallRules: [{47EA3372-5167-4A3C-A922-AE53DE45A7F9}] => (Allow) C:\Users\MARK\Desktop\Lawyer\reiboot.exe => No File
FirewallRules: [{CC878409-04B4-48E3-B998-84DE92175702}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{0A1F7194-D2DE-43AD-ADA8-977C56C7FD90}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [C17A] => C:\Windows\twain_32\Brimc17a\Common\TwDsUiLaunch.exe (No File)
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {005DDC6D-49D1-4E0B-9355-53FEA4184DA1} - System32\Tasks\{73AF693E-81A9-4B2B-A107-B18644969FDC} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {162B6947-7090-458B-AF1B-14FCC099EB26} - System32\Tasks\{30AF360E-2FDE-48CF-AEE5-73CED99E0D36} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {1A942A5C-FE8D-4049-A9D6-8893D90BA979} - System32\Tasks\{2D3028CF-CE03-4AE4-B144-B8BEB566D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (No File)
Task: {30B01322-69EC-4752-B5F5-5E732FA4A206} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd" (No File)
Task: {3268B6BC-5528-4FB5-A5CC-F1A9064FDBA4} - System32\Tasks\{D5E8CB6B-319E-4F0E-917E-CBAC38E34677} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe (No File)
Task: {38D302D2-0E6B-45A9-8EB5-5A6693DA67ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe /immunize /silent /autoclose (No File)
Task: {3A7EAC98-7B48-41A4-8E94-C6A2EFAB8E09} - System32\Tasks\{D573FE2F-4D30-4C7A-84DE-559A093071E5} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {3EAC0684-7A3A-457B-BD39-D4753F28E783} - System32\Tasks\{FA304AB9-ADF2-4B10-ADE2-7C1F781DE923} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {4363E49C-BB9B-4F25-94BB-799A8B2514BE} - System32\Tasks\{3306EC2A-D2DB-45CD-AE27-6DE4F51B8840} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {48AC33C1-BCE1-4066-B273-E095B37F39DF} - System32\Tasks\{F37F1CE0-D36E-4A8A-B618-7BF2349475D1} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {4CCEF7E3-0CC7-488D-9226-593999AC0E27} - System32\Tasks\{13F92E3C-232E-4FA8-8FF7-EEAAF6931DD8} => C:\Users\MARK\Downloads\musicmatch10.00.4033.exe (No File)
Task: {4F3B96DC-2F1B-4EE1-9A6D-23F6F7591DE6} - System32\Tasks\{B5B989B7-88B7-4648-93F4-9CC7C6EE1F33} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {50BF9D53-83BC-4D7E-BCB7-F008C9946199} - System32\Tasks\{479B464A-5FCF-410E-AFE0-ED5300A0DDD0} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {51E2506D-181C-4B26-8DB7-5832873E1EA6} - System32\Tasks\Total AV Setup => C:\Program Files (x86)\TotalAV\TotalAV.exe --installed (No File)
Task: {525ADD04-55BA-4913-B544-CBC829CDA221} - System32\Tasks\{9FB150E9-5941-4658-BCD0-641ED11803BF} => C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe (No File)
Task: {6C1855BB-CB6C-4B53-9530-3270B6823597} - System32\Tasks\{8613CE58-4EC3-4C6F-A0F6-7896C586C02F} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {6C1F26CC-CEF8-4356-B642-B2A7C00FF810} - System32\Tasks\{CFA54DC5-88E4-43F0-AF14-2AB26A5003FB} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {8780C8BE-F54B-47DA-85F9-AFDADD2E4C2C} - System32\Tasks\{7F70CAB2-072C-4D42-AEF6-16B1B69095C7} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (No File)
Task: {BBAA77C7-8BE7-43D3-BCF8-7BCBB44FEA48} - System32\Tasks\{0E5FFA70-B7B3-4AD7-AF23-C403A980856A} => C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe (No File)
Task: {D2D16E7C-C7C8-469B-8641-39D3B2AA765C} - System32\Tasks\{9FBCC622-5E88-40F3-834C-A5433AC68952} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {FC4664BE-E964-42C1-9890-50E4C2C56B80} - System32\Tasks\{8EDCEDF5-CB08-495E-9AC5-0C3EAD4298F6} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
S2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [X]
2022-04-15 04:28 - 2022-04-15 04:28 - 016757088 ____C (Advanced System Repair, Inc.) C:\Users\MARK\Downloads\Advanced-System-Repair-Pro-RepairTool.UN.exe
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: ipconfig /flushdns
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. The programs you uninstalled and if the procedure ran smoothly
  2. The fixlog.txt
 
#8 ·
I uninstalled WebAdvisor by McAfee, Java and Flash.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-04-2022
Ran by MARK (16-04-2022 13:12:47) Run:1
Running from C:\Users\MARK\Desktop\Fix
Loaded Profiles: MARK & UpdatusUser & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: ICF => "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{4F5DCDED-CFDC-4018-BCC6-31EEE56B9AAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [TCP Query User{B1E056EA-C5CA-40AC-875E-73D786E0863A}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => No File
FirewallRules: [UDP Query User{5B93C053-363A-4B87-BC4D-667C6500EBE8}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => No File
FirewallRules: [{4A9449A9-6230-4E34-B3E3-DCB5763212B9}] => (Allow) C:\Users\MARK\Desktop\Lawyer\reiboot.exe => No File
FirewallRules: [{47EA3372-5167-4A3C-A922-AE53DE45A7F9}] => (Allow) C:\Users\MARK\Desktop\Lawyer\reiboot.exe => No File
FirewallRules: [{CC878409-04B4-48E3-B998-84DE92175702}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{0A1F7194-D2DE-43AD-ADA8-977C56C7FD90}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [C17A] => C:\Windows\twain_32\Brimc17a\Common\TwDsUiLaunch.exe (No File)
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {005DDC6D-49D1-4E0B-9355-53FEA4184DA1} - System32\Tasks\{73AF693E-81A9-4B2B-A107-B18644969FDC} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {162B6947-7090-458B-AF1B-14FCC099EB26} - System32\Tasks\{30AF360E-2FDE-48CF-AEE5-73CED99E0D36} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {1A942A5C-FE8D-4049-A9D6-8893D90BA979} - System32\Tasks\{2D3028CF-CE03-4AE4-B144-B8BEB566D687} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (No File)
Task: {30B01322-69EC-4752-B5F5-5E732FA4A206} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd" (No File)
Task: {3268B6BC-5528-4FB5-A5CC-F1A9064FDBA4} - System32\Tasks\{D5E8CB6B-319E-4F0E-917E-CBAC38E34677} => C:\Program Files (x86)\AOL Desktop 9.7\aol.exe (No File)
Task: {38D302D2-0E6B-45A9-8EB5-5A6693DA67ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe /immunize /silent /autoclose (No File)
Task: {3A7EAC98-7B48-41A4-8E94-C6A2EFAB8E09} - System32\Tasks\{D573FE2F-4D30-4C7A-84DE-559A093071E5} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {3EAC0684-7A3A-457B-BD39-D4753F28E783} - System32\Tasks\{FA304AB9-ADF2-4B10-ADE2-7C1F781DE923} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {4363E49C-BB9B-4F25-94BB-799A8B2514BE} - System32\Tasks\{3306EC2A-D2DB-45CD-AE27-6DE4F51B8840} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {48AC33C1-BCE1-4066-B273-E095B37F39DF} - System32\Tasks\{F37F1CE0-D36E-4A8A-B618-7BF2349475D1} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {4CCEF7E3-0CC7-488D-9226-593999AC0E27} - System32\Tasks\{13F92E3C-232E-4FA8-8FF7-EEAAF6931DD8} => C:\Users\MARK\Downloads\musicmatch10.00.4033.exe (No File)
Task: {4F3B96DC-2F1B-4EE1-9A6D-23F6F7591DE6} - System32\Tasks\{B5B989B7-88B7-4648-93F4-9CC7C6EE1F33} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {50BF9D53-83BC-4D7E-BCB7-F008C9946199} - System32\Tasks\{479B464A-5FCF-410E-AFE0-ED5300A0DDD0} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {51E2506D-181C-4B26-8DB7-5832873E1EA6} - System32\Tasks\Total AV Setup => C:\Program Files (x86)\TotalAV\TotalAV.exe --installed (No File)
Task: {525ADD04-55BA-4913-B544-CBC829CDA221} - System32\Tasks\{9FB150E9-5941-4658-BCD0-641ED11803BF} => C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe (No File)
Task: {6C1855BB-CB6C-4B53-9530-3270B6823597} - System32\Tasks\{8613CE58-4EC3-4C6F-A0F6-7896C586C02F} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {6C1F26CC-CEF8-4356-B642-B2A7C00FF810} - System32\Tasks\{CFA54DC5-88E4-43F0-AF14-2AB26A5003FB} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {8780C8BE-F54B-47DA-85F9-AFDADD2E4C2C} - System32\Tasks\{7F70CAB2-072C-4D42-AEF6-16B1B69095C7} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (No File)
Task: {BBAA77C7-8BE7-43D3-BCF8-7BCBB44FEA48} - System32\Tasks\{0E5FFA70-B7B3-4AD7-AF23-C403A980856A} => C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe (No File)
Task: {D2D16E7C-C7C8-469B-8641-39D3B2AA765C} - System32\Tasks\{9FBCC622-5E88-40F3-834C-A5433AC68952} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {FC4664BE-E964-42C1-9890-50E4C2C56B80} - System32\Tasks\{8EDCEDF5-CB08-495E-9AC5-0C3EAD4298F6} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
S2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [X]
2022-04-15 04:28 - 2022-04-15 04:28 - 016757088 ____C (Advanced System Repair, Inc.) C:\Users\MARK\Downloads\Advanced-System-Repair-Pro-RepairTool.UN.exe
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: ipconfig /flushdns
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\\SystemComponent" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICF => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Monitor => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroLauncher => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F5DCDED-CFDC-4018-BCC6-31EEE56B9AAB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B1E056EA-C5CA-40AC-875E-73D786E0863A}C:\program files\lghub\lghub_agent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5B93C053-363A-4B87-BC4D-667C6500EBE8}C:\program files\lghub\lghub_agent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A9449A9-6230-4E34-B3E3-DCB5763212B9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47EA3372-5167-4A3C-A922-AE53DE45A7F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC878409-04B4-48E3-B998-84DE92175702}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A1F7194-D2DE-43AD-ADA8-977C56C7FD90}" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\C17A" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpress" => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{005DDC6D-49D1-4E0B-9355-53FEA4184DA1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{005DDC6D-49D1-4E0B-9355-53FEA4184DA1}" => removed successfully
C:\Windows\System32\Tasks\{73AF693E-81A9-4B2B-A107-B18644969FDC} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{73AF693E-81A9-4B2B-A107-B18644969FDC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{162B6947-7090-458B-AF1B-14FCC099EB26}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{162B6947-7090-458B-AF1B-14FCC099EB26}" => removed successfully
C:\Windows\System32\Tasks\{30AF360E-2FDE-48CF-AEE5-73CED99E0D36} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30AF360E-2FDE-48CF-AEE5-73CED99E0D36}" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A942A5C-FE8D-4049-A9D6-8893D90BA979} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A942A5C-FE8D-4049-A9D6-8893D90BA979} => removed successfully
C:\Windows\System32\Tasks\{2D3028CF-CE03-4AE4-B144-B8BEB566D687} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D3028CF-CE03-4AE4-B144-B8BEB566D687} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30B01322-69EC-4752-B5F5-5E732FA4A206} => not found
C:\Windows\System32\Tasks\GeoComply Service Check => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeoComply Service Check" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3268B6BC-5528-4FB5-A5CC-F1A9064FDBA4} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3268B6BC-5528-4FB5-A5CC-F1A9064FDBA4} => removed successfully
C:\Windows\System32\Tasks\{D5E8CB6B-319E-4F0E-917E-CBAC38E34677} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5E8CB6B-319E-4F0E-917E-CBAC38E34677} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38D302D2-0E6B-45A9-8EB5-5A6693DA67ED} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38D302D2-0E6B-45A9-8EB5-5A6693DA67ED} => removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A7EAC98-7B48-41A4-8E94-C6A2EFAB8E09}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A7EAC98-7B48-41A4-8E94-C6A2EFAB8E09}" => removed successfully
C:\Windows\System32\Tasks\{D573FE2F-4D30-4C7A-84DE-559A093071E5} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D573FE2F-4D30-4C7A-84DE-559A093071E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EAC0684-7A3A-457B-BD39-D4753F28E783}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EAC0684-7A3A-457B-BD39-D4753F28E783}" => removed successfully
C:\Windows\System32\Tasks\{FA304AB9-ADF2-4B10-ADE2-7C1F781DE923} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA304AB9-ADF2-4B10-ADE2-7C1F781DE923}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4363E49C-BB9B-4F25-94BB-799A8B2514BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4363E49C-BB9B-4F25-94BB-799A8B2514BE}" => removed successfully
C:\Windows\System32\Tasks\{3306EC2A-D2DB-45CD-AE27-6DE4F51B8840} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3306EC2A-D2DB-45CD-AE27-6DE4F51B8840}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48AC33C1-BCE1-4066-B273-E095B37F39DF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48AC33C1-BCE1-4066-B273-E095B37F39DF}" => removed successfully
C:\Windows\System32\Tasks\{F37F1CE0-D36E-4A8A-B618-7BF2349475D1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F37F1CE0-D36E-4A8A-B618-7BF2349475D1}" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CCEF7E3-0CC7-488D-9226-593999AC0E27} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CCEF7E3-0CC7-488D-9226-593999AC0E27} => removed successfully
C:\Windows\System32\Tasks\{13F92E3C-232E-4FA8-8FF7-EEAAF6931DD8} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13F92E3C-232E-4FA8-8FF7-EEAAF6931DD8} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F3B96DC-2F1B-4EE1-9A6D-23F6F7591DE6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F3B96DC-2F1B-4EE1-9A6D-23F6F7591DE6}" => removed successfully
C:\Windows\System32\Tasks\{B5B989B7-88B7-4648-93F4-9CC7C6EE1F33} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B5B989B7-88B7-4648-93F4-9CC7C6EE1F33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50BF9D53-83BC-4D7E-BCB7-F008C9946199}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50BF9D53-83BC-4D7E-BCB7-F008C9946199}" => removed successfully
C:\Windows\System32\Tasks\{479B464A-5FCF-410E-AFE0-ED5300A0DDD0} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{479B464A-5FCF-410E-AFE0-ED5300A0DDD0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51E2506D-181C-4B26-8DB7-5832873E1EA6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51E2506D-181C-4B26-8DB7-5832873E1EA6}" => removed successfully
C:\Windows\System32\Tasks\Total AV Setup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Total AV Setup" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{525ADD04-55BA-4913-B544-CBC829CDA221} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{525ADD04-55BA-4913-B544-CBC829CDA221} => removed successfully
C:\Windows\System32\Tasks\{9FB150E9-5941-4658-BCD0-641ED11803BF} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FB150E9-5941-4658-BCD0-641ED11803BF} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C1855BB-CB6C-4B53-9530-3270B6823597}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C1855BB-CB6C-4B53-9530-3270B6823597}" => removed successfully
C:\Windows\System32\Tasks\{8613CE58-4EC3-4C6F-A0F6-7896C586C02F} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8613CE58-4EC3-4C6F-A0F6-7896C586C02F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C1F26CC-CEF8-4356-B642-B2A7C00FF810}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C1F26CC-CEF8-4356-B642-B2A7C00FF810}" => removed successfully
C:\Windows\System32\Tasks\{CFA54DC5-88E4-43F0-AF14-2AB26A5003FB} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFA54DC5-88E4-43F0-AF14-2AB26A5003FB}" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8780C8BE-F54B-47DA-85F9-AFDADD2E4C2C} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8780C8BE-F54B-47DA-85F9-AFDADD2E4C2C} => removed successfully
C:\Windows\System32\Tasks\{7F70CAB2-072C-4D42-AEF6-16B1B69095C7} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F70CAB2-072C-4D42-AEF6-16B1B69095C7} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBAA77C7-8BE7-43D3-BCF8-7BCBB44FEA48} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBAA77C7-8BE7-43D3-BCF8-7BCBB44FEA48} => removed successfully
C:\Windows\System32\Tasks\{0E5FFA70-B7B3-4AD7-AF23-C403A980856A} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E5FFA70-B7B3-4AD7-AF23-C403A980856A} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2D16E7C-C7C8-469B-8641-39D3B2AA765C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2D16E7C-C7C8-469B-8641-39D3B2AA765C}" => removed successfully
C:\Windows\System32\Tasks\{9FBCC622-5E88-40F3-834C-A5433AC68952} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FBCC622-5E88-40F3-834C-A5433AC68952}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC4664BE-E964-42C1-9890-50E4C2C56B80}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC4664BE-E964-42C1-9890-50E4C2C56B80}" => removed successfully
C:\Windows\System32\Tasks\{8EDCEDF5-CB08-495E-9AC5-0C3EAD4298F6} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8EDCEDF5-CB08-495E-9AC5-0C3EAD4298F6}" => removed successfully
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer => not found
"C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc." => not found
"C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll" => not found
HKLM\System\CurrentControlSet\Services\PMBDeviceInfoProvider => removed successfully
PMBDeviceInfoProvider => service removed successfully
C:\Users\MARK\Downloads\Advanced-System-Repair-Pro-RepairTool.UN.exe => moved successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains => removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains => removed successfully

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9871105 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 48728860 B
Edge => 0 B
Chrome => 245867523 B
Firefox => 1126944020 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 128 B
MARK => 73253196 B
UpdatusUser => 73253196 B
Administrator => 73253196 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:15:05 ====
 
#10 ·
Great. (y)

Moving on.

1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 
#13 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-16-2022
# Duration: 00:00:20
# OS: Windows 7 Home Premium
# Scanned: 32041
# Detected: 1

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.EasyFileOpener C:\Users\MARK\Desktop\efo

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
#14 ·
This is detected as a potentially unwanted program:

C:\Users\MARK\Desktop\efo

It is not installed, and you may seriously consider deleting it.

What about the Malwarebytes report?
 
#17 ·
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/16/22
Scan Time: 2:14 PM
Log File: 05e96940-bdb1-11ec-b8c0-d4bed98e09bc.json

-Software Information-
Version: 4.5.7.186
Components Version: 1.0.1645
Update Package Version: 1.0.53763
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MARK-PC\MARK

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 374953
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 45 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
 
#18 ·
So... more than an hour to detect nothing. :)

How is the computer running now?

I would like to check fresh FRST logs, please.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
#21 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2022
Ran by MARK (administrator) on MARK-PC (Dell Inc. XPS 8300) (16-04-2022 15:39:31)
Running from C:\Users\MARK\Desktop\Fix
Loaded Profiles: MARK & UpdatusUser
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\FsPisces.exe
(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(cmd.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\nif2_ols_ca.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(explorer.exe ->) (Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <97>
(explorer.exe ->) (MiTAC International Corporation -> MiTAC) C:\Users\MARK\AppData\Roaming\MiTAC Digital Corporation\mgnContentManager\3.0.0.00\mgnContentManager.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Corel Corporation -> ) C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(services.exe ->) (Corel Corporation -> ) C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(services.exe ->) (Dell Inc. -> ) C:\Windows\System32\dlbacoms.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe <3>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe <2>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsorsp64.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulprothoster.exe
(services.exe ->) (GeoComply USA, Inc. -> GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Leawo Software) [File not signed] C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe
(services.exe ->) (Lexmark International, Inc. -> ) C:\Windows\System32\dleacoms.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(services.exe ->) (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [333784 2021-03-31] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\Wondershare\UniConverter 13\WSVCUUpdateHelper.exe (No File)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2022-03-02] (Corel Corporation -> WinZip Computing, S.L.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [145344 2019-07-26] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3146752 2021-12-10] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3590656 2021-10-20] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [35648 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [17600 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [M17A] => C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [77312 2017-10-19] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 3\Common\RoxWatchTray15.exe [295112 2014-09-19] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [377256 2021-11-08] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\Run: [Magellan Update Manager] => C:\Users\MARK\AppData\Roaming\MiTAC Digital Corporation\mgnContentManager\3.0.0.00\mgnContentManager.exe [2705672 2016-01-20] (MiTAC International Corporation -> MiTAC)
HKLM\...\Windows x64\Print Processors\Dell AIO Printer A940 Print Processor: C:\Windows\System32\spool\prtprocs\x64\dlbapp6c.dll [116224 2007-02-20] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\Dell V310-V510 Series Print Processor: C:\Windows\System32\spool\prtprocs\x64\dleadrpp.dll [189440 2009-11-04] () [File not signed]
HKLM\...\Print\Monitors\AIO Printer A940 Port: C:\Windows\System32\dlbalmpm.dll [488448 2007-01-30] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\System32\cpwmon64.dll [89008 2016-01-22] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\Dell Network Port: C:\Windows\System32\dlbalmpm.dll [488448 2007-01-30] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\eLectaDocLoader: C:\Windows\system32\spool\DRIVERS\x64\x64v05.dll [394272 2010-07-19] (ELECTA COMMUNICATIONS LTD -> )
HKLM\...\Print\Monitors\EPSON WF-2760 Series 64MonitorBE: C:\Windows\System32\E_YLMBM1E.DLL [180224 2014-03-04] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\V310-V510 Series Port: C:\Windows\System32\dlealmpm.DLL [892416 2009-12-09] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.88\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2022-03-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-04-03]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05B636A7-74E2-4F79-B3A8-98027E539CA2} - System32\Tasks\{8FDC0B80-7678-41E1-9268-806703BFBA5D} => C:\Windows\system32\pcalua.exe -a "C:\Users\MARK\Desktop\Kelly\FacebookGameroom (2).exe" -d C:\Users\MARK\Desktop\Kelly
Task: {1274F53D-B68C-4317-BD3A-0B3152232A7C} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {16893D80-A7C4-4D00-9202-E1BCEBAF8DC1} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {17195BFF-0EFD-4C3C-BE7C-0DE070599B1D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {1A305002-3E97-4404-B3D5-EC3122B3403B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-24] (Google LLC -> Google LLC)
Task: {1A5EE09C-2008-4618-9E39-C7F6637B2CF9} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {1B9B3C78-0F93-4D76-A863-F659B8796B18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {281A7460-642E-40A2-B0E5-A2D2BA0CC5C4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2130412082-872510349-2259372935-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck (No File)
Task: {2A1A57C1-9965-4151-9556-B8E126BF1521} - System32\Tasks\{2AEA0CFB-6DDA-4ACA-9D51-0CE4A91EA61B} => C:\Program Files (x86)\Roxio Creator NXT\Roxio Central\RoxioCentralFx.exe (No File)
Task: {2DE00C78-BF46-49E7-8C1E-8D19E977FDA5} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A4C9BB5-147B-47CB-8157-34D11DDF3D1A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DE84952-ECFD-482D-B8F2-1268D979F166} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E7BDD09-57DA-4DB1-9148-B886FE76E795} - System32\Tasks\CCleanerSkipUAC - MARK => C:\Program Files\CCleaner\CCleaner.exe [30836464 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {40FC8802-9F5A-42F6-B95D-6C0067FCEB69} - System32\Tasks\{27003535-56D0-44FC-AE23-EFC0AAFC1A81} => C:\Program Files\iTunes\iTunes.exe [38766552 2021-03-31] (Apple Inc. -> Apple Inc.)
Task: {514F2686-26D1-42E9-BB1F-0F73B9CD9D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-24] (Google LLC -> Google LLC)
Task: {5A680190-A4AD-4180-B563-FD33F1193045} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {79FC83CE-C89D-4589-9D25-A6C9D5BD8E3B} - System32\Tasks\{56517E75-4E43-4B23-9E54-46EF202ADCD5} => C:\Program Files\Google\Chrome\Application\chrome.exe
Task: {89D424EF-B00F-410F-B9FA-3C5E78DBD125} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn
Task: {89D424EF-B00F-410F-B9FA-3C5E78DBD125} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {9CF8983E-DD17-4374-9CB9-FAEAAA77A6BA} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files (x86)\Charter Security Suite\fs_hotfix.exe [291992 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
Task: {AFA421D1-D18A-4BC3-9CC5-E3401BB2CF32} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-04-07] (Piriform Software Ltd -> Piriform)
Task: {DBAA8242-0F1D-4F04-94E2-9000B32A82DC} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd" (No File)
Task: {DE7EE73C-4B1A-402A-B94D-0775B50E71CA} - System32\Tasks\CorelUpdateHelperTask-C5DAEB98D9E7651CFD40CFAF623A045D => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {E37689B2-96B1-4A41-9A29-508257785AF9} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe [3191272 2022-01-08] (GeoComply USA, Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {E9F92CB1-A571-4764-8B01-98CBD5A3A7B8} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {F764CD35-6A5B-4EA9-B378-FF4BA482AC89} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd" (No File)
Task: {FD4538BB-0DD4-44AE-8AA1-D74B44A9CADC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3631C8E6-D178-4917-9B0D-BFB51262D9F1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BFB6B096-4145-4ED2-A8E0-19EDCA9E0ED4}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F4D55B96-099B-4FAF-8969-C33F96A7E527}: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF DefaultProfile: b8brb095.default-1496939632495-1640217247736
FF ProfilePath: C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\b8brb095.default-1496939632495-1640217247736 [2022-04-16]
FF Extension: (Browsing Protection by F-Secure) - C:\Users\MARK\AppData\Roaming\Mozilla\Firefox\Profiles\b8brb095.default-1496939632495-1640217247736\Extensions\ols@f-secure.com.xpi [2022-02-22] [UpdateUrl:hxxps://download.sp.f-secure.com/online-safety/updates.json]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-05] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-05] (RealNetworks, Inc.) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)
FF Plugin HKU\S-1-5-21-2130412082-872510349-2259372935-1000: magellangps.com/mgnContentManager -> C:\Users\MARK\AppData\Roaming\MiTAC Digital Corporation\mgnContentManager\3.0.0.00\npmgnContentManager.dll [2016-01-20] (MiTAC International Corporation -> MiTAC Digital Corp.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default [2022-04-16]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://websearch.thesearchpage.info/?pid=2457&r=2015/01/16&hid=16875487775573251436&lg=EN&cc=US&unqvl=74"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Drive) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-15]
CHR Extension: (DuckDuckGo) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-04-14]
CHR Extension: (YouTube) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-15]
CHR Extension: (Honey) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-04-14]
CHR Extension: (Google Search) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2021-01-15]
CHR Extension: (Proxy SwitchySharp) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2021-09-19]
CHR Extension: (Session Buddy) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2021-01-15]
CHR Extension: (Camera) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhhnacclhffhdffklopdkcgdhifgngh [2022-02-12]
CHR Extension: (Who Dumped Me?) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgeaeoklapomofpcppeiahpnjadbkim [2021-01-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-14]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2022-04-14]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2021-11-23]
CHR Extension: (Social Video Downloader) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmhdphcfbllelmmdgapkpkhnoonniie [2021-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-15]
CHR Profile: C:\Users\MARK\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-27]
CHR Profile: C:\Users\MARK\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [495816 2016-01-12] (Corel Corporation -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [46432 2017-04-19] (Corel Corporation -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [321536 2021-12-06] (Brother Industries, Ltd.) [File not signed]
R2 CdRomAccessAgentService; C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe [90112 2021-10-31] (Leawo Software) [File not signed]
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-09-27] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 dlba_device; C:\Windows\system32\dlbacoms.exe [567280 2007-03-05] (Dell Inc. -> )
R2 dlba_device; C:\Windows\SysWOW64\dlbacoms.exe [538096 2007-03-05] (Dell Inc. -> )
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-01-07] (Lexmark International, Inc. -> )
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437160 2021-11-08] (EXPRSVPN LLC -> ExpressVPN)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [234648 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [234648 2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe [415968 2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fshoster64.exe [415968 2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsorsp64.exe [106136 2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulprothoster.exe [415968 2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-15] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4490376 2020-09-18] (Logitech Inc -> Logitech)
S3 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77336 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [3141608 2022-01-08] (GeoComply USA, Inc. -> GeoComply)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 3\Common\RoxMediaDB15.exe [1097928 2014-09-19] (Corel Corporation -> Corel Corporation)
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1096424 2014-07-09] (Corel Corporation -> Corel Corporation)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1089536 2019-06-30] (Corel Corporation) [File not signed]
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 3\Common\RoxWatch15.exe [342216 2014-09-19] (Corel Corporation -> Corel Corporation)
S3 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-09-22] (Dell Inc -> SoftThinks SAS)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2022-03-01] (Microsoft) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [19968 2022-03-01] (Microsoft) [File not signed]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [138760 2021-01-14] (ADAPP SASU -> Dokan Project)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [18800 2021-11-08] (ExprsVPN LLC -> )
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\Ultralight\ulcore\1649176966\fsulgk.sys [398792 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> LeapFrog)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [51736 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
R2 fsnif2; C:\Program Files (x86)\Charter Security Suite\Ultralight\nif2\1643898281\nif2s64.sys [172480 2022-04-14] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
S3 logi_joy_bus_enum; C:\Windows\System32\drivers\logi_joy_bus_enum.sys [37200 2022-02-17] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\System32\drivers\logi_joy_vir_hid.sys [25928 2022-02-17] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\Windows\System32\drivers\logi_joy_xlcore.sys [66896 2022-02-17] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223688 2022-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [195024 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-04-14] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [147880 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2015-03-25] (iolo technologies, LLC -> EldoS Corporation)
S3 RTLUE8023-W7-64; C:\Windows\System32\DRIVERS\rtu64w7.sys [83016 2013-03-12] (Realtek Semiconductor Corp -> Realtek)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [37032 2016-01-12] (Corel Corporation -> Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [28840 2016-01-12] (Corel Corporation -> Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [36520 2016-01-12] (Corel Corporation -> Corel Corporation)
S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [528256 2007-11-15] (Syntek Semiconductor Ltd. -> Syntek)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2015-03-18] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [36208 2021-10-08] (ExprsVPN LLC -> The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (AnchorFree Inc -> Anchorfree Inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64A.sys [738328 2012-05-04] (Kworld Computer Co., Ltd. -> eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64A.sys [1226136 2012-05-04] (Kworld Computer Co., Ltd. -> eMPIA Technology, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (Microsoft Windows Hardware Compatibility Publisher -> America Online, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare Software Co., Ltd. -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-16 14:51 - 2022-04-16 14:51 - 000003208 ____C C:\Windows\system32\Tasks\GeoComply Service Check
2022-04-16 13:54 - 2022-04-16 14:00 - 000000000 ____D C:\AdwCleaner
2022-04-16 13:52 - 2022-04-16 13:54 - 000000000 ___DC C:\Users\MARK\Desktop\Fix2
2022-04-16 13:27 - 2022-04-16 13:27 - 000195024 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-04-16 13:27 - 2022-04-16 13:27 - 000069040 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-04-16 13:26 - 2022-04-16 13:26 - 000147880 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-04-15 09:33 - 2022-04-15 09:33 - 085969096 ____C (Oracle Corporation) C:\Users\MARK\Downloads\jre-8u321-windows-x64.exe
2022-04-15 09:29 - 2022-04-15 09:30 - 001307256 ____C (Oracle Corporation) C:\Users\MARK\Downloads\JavaUninstallTool.exe
2022-04-15 08:41 - 2022-04-16 13:46 - 000000000 ___DC C:\Users\MARK\Desktop\Fix
2022-04-15 08:37 - 2022-04-16 15:41 - 000000000 ____D C:\FRST
2022-04-15 08:24 - 2022-04-15 08:24 - 000223688 ____C (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-04-15 08:21 - 2022-04-15 08:21 - 002443448 ____C (Malwarebytes) C:\Users\MARK\Downloads\MBSetup.exe
2022-04-14 10:45 - 2022-04-14 10:45 - 001343320 ____C (Google LLC) C:\Users\MARK\Downloads\ChromeSetup.exe
2022-04-14 09:56 - 2022-04-14 09:57 - 000267434 ____C C:\Windows\ntbtlog.txt
2022-04-14 09:50 - 2022-04-15 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charter Security Suite
2022-04-14 09:50 - 2022-04-14 09:50 - 000051736 ____C (F-Secure Corporation) C:\Windows\system32\Drivers\fsbts.sys
2022-04-14 09:50 - 2022-04-14 09:50 - 000001979 ____C C:\Users\Public\Desktop\Security Suite.lnk
2022-04-14 09:49 - 2022-04-15 22:17 - 000000000 ___DC C:\Windows\system32\Tasks\F-Secure
2022-04-14 09:49 - 2022-04-15 22:17 - 000000000 ____D C:\Program Files (x86)\Charter Security Suite
2022-04-14 09:49 - 2022-04-14 09:49 - 001664664 ____C (F-Secure Corporation) C:\Users\MARK\Downloads\CharterNetworkInstaller_C-R6DKK-MB86R-BUGN8-X3ZJG-LEUGB_.exe
2022-04-14 09:48 - 2022-04-14 09:48 - 001664664 ____C (F-Secure Corporation) C:\Users\MARK\Downloads\CharterNetworkInstaller_C-R6DKK-MB86R-BUGN8-X3ZJG-GUWFX_.exe
2022-04-14 09:45 - 2022-04-14 09:45 - 001664664 ____C (F-Secure Corporation) C:\Users\MARK\Downloads\CharterNetworkInstaller_C-R6DKK-MB86R-BUGN8-X3ZJG-AZJ7P_.exe
2022-04-14 09:26 - 2022-04-15 22:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-04-14 09:21 - 2022-04-14 09:21 - 000002968 ____C C:\Windows\system32\Tasks\{56517E75-4E43-4B23-9E54-46EF202ADCD5}
2022-04-11 17:12 - 2022-04-11 17:12 - 000002968 ____C C:\Windows\system32\Tasks\{71EF8442-FDBC-498D-A38D-34ABA49D5803}
2022-04-08 12:12 - 2022-04-08 12:12 - 002720981 ____C C:\Users\MARK\Downloads\Hudson_River_Community_CU_Document_update_fo (1).zip
2022-04-08 12:07 - 2022-04-08 12:07 - 002720587 ____C C:\Users\MARK\Downloads\Hudson_River_Community_CU_Document_update_fo.zip
2022-04-07 19:28 - 2022-04-07 19:28 - 000003372 ____C C:\Users\MARK\Desktop\ipconfig.txt
2022-04-06 18:48 - 2022-04-15 21:47 - 000000000 ____D C:\Users\MARK\AppData\Local\Brother_Industries,_Ltd
2022-04-06 18:16 - 2022-04-06 18:16 - 000000948 ____C C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2022-04-05 20:50 - 2022-04-14 09:00 - 000000000 ___DC C:\Users\MARK\Downloads\testdisk-7.1.win64 (1)
2022-04-04 23:49 - 2022-04-04 23:49 - 000174470 ____C C:\Users\MARK\Downloads\747_ZMD17A6I7517948_1649128883_1649128943.mp4
2022-04-04 15:09 - 2022-04-04 15:40 - 000000000 ___DC C:\Users\MARK\Desktop\Cause
2022-04-03 22:09 - 2022-04-03 22:09 - 000003526 ____C C:\Windows\system32\Tasks\WinZip Update Notifier 2
2022-04-03 22:09 - 2022-04-03 22:09 - 000003524 ____C C:\Windows\system32\Tasks\WinZip Update Notifier 3
2022-04-03 22:08 - 2022-04-15 22:17 - 000000000 ____D C:\Users\MARK\AppData\Local\WinZip
2022-04-03 22:08 - 2022-04-15 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-04-03 22:08 - 2022-04-15 22:17 - 000000000 ____D C:\Program Files\WinZip
2022-04-03 22:08 - 2022-04-03 22:08 - 000003524 ____C C:\Windows\system32\Tasks\WinZip Update Notifier 1
2022-04-03 22:08 - 2022-04-03 22:08 - 000001980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001880 ____C C:\Users\Public\Desktop\WinZip.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Image Manager.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip PDF Express.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001795 ____C C:\Users\Public\Desktop\WinZip Image Manager.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001791 ____C C:\Users\Public\Desktop\WinZip PDF Express.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001791 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Secure Backup.lnk
2022-04-03 22:08 - 2022-04-03 22:08 - 000001779 ____C C:\Users\Public\Desktop\WinZip Secure Backup.lnk
2022-04-03 21:56 - 2022-04-03 21:56 - 070833810 ____C C:\Users\MARK\Desktop\Dynastics-HunterMt-78.zip
2022-03-22 19:26 - 2022-04-15 22:17 - 000000000 ____D C:\Users\MARK\AppData\Local\inSSIDer
2022-03-22 19:25 - 2022-03-22 19:26 - 033858464 ____C (MetaGeek, LLC) C:\Users\MARK\Downloads\inSSIDerSetup.exe
2022-03-22 19:07 - 2022-04-15 21:47 - 000000000 ____D C:\Users\MARK\AppData\Local\MetaGeek
2022-03-22 19:07 - 2022-03-22 19:30 - 000000000 ___DC C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2022-03-22 19:06 - 2022-03-22 19:26 - 000000000 ____D C:\Users\MARK\AppData\Local\SquirrelTemp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-16 14:59 - 2014-04-18 18:49 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-16 13:39 - 2018-10-15 21:28 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2022-04-16 13:35 - 2009-07-14 00:45 - 000031872 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-04-16 13:35 - 2009-07-14 00:45 - 000031872 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-04-16 13:27 - 2021-10-28 12:52 - 000000000 ____D C:\Users\UpdatusUser
2022-04-16 13:27 - 2021-06-20 18:26 - 000000000 ____D C:\Program Files\CCleaner
2022-04-16 13:24 - 2011-12-23 04:18 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-16 13:24 - 2009-07-14 01:08 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2022-04-16 13:09 - 2011-12-23 02:36 - 000000000 ____D C:\Program Files\Java
2022-04-16 13:06 - 2020-10-24 18:36 - 000000000 ____D C:\Program Files\Google
2022-04-16 13:05 - 2011-12-23 02:24 - 000000000 ___DC C:\Windows\SysWOW64\Macromed
2022-04-16 13:05 - 2011-12-23 02:24 - 000000000 ___DC C:\Windows\system32\Macromed
2022-04-16 01:58 - 2016-12-04 15:38 - 000000000 ____D C:\Users\MARK\AppData\LocalLow\Mozilla
2022-04-15 23:23 - 2021-11-16 16:45 - 000003132 ____C C:\Windows\system32\Tasks\CorelUpdateHelperTask-C5DAEB98D9E7651CFD40CFAF623A045D
2022-04-15 22:17 - 2022-01-30 20:55 - 000000000 ___DC C:\Windows\system32\Tasks\Mozilla
2022-04-15 22:17 - 2021-12-22 19:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-15 22:17 - 2021-11-29 20:30 - 000000000 ____D C:\Program Files\dotnet
2022-04-15 22:17 - 2021-11-16 16:44 - 000000000 ____D C:\ProgramData\Protexis64
2022-04-15 22:17 - 2021-10-30 14:42 - 000000000 ____D C:\ProgramData\WinZip
2022-04-15 22:17 - 2021-08-05 16:02 - 000000000 ___DC C:\Users\MARK\Desktop\Lawyer
2022-04-15 22:17 - 2018-10-15 21:21 - 000000000 ____D C:\Program Files (x86)\Browny02
2022-04-15 22:17 - 2018-10-15 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2022-04-15 22:17 - 2013-11-08 19:17 - 000000000 ___DC C:\Windows\system32\MRT
2022-04-15 22:17 - 2012-11-21 13:09 - 000000000 ____D C:\ProgramData\Package Cache
2022-04-15 22:17 - 2012-01-23 20:34 - 000000000 ___DC C:\Users\MARK\AppData\Roaming\Audacity
2022-04-15 22:17 - 2009-07-13 23:20 - 000000000 ___DC C:\Windows\system32\NDF
2022-04-15 22:17 - 2009-07-13 23:20 - 000000000 ___DC C:\Windows\inf
2022-04-15 22:16 - 2009-07-13 23:20 - 000000000 ___DC C:\Windows\registration
2022-04-15 21:47 - 2018-10-15 21:15 - 000000000 ____D C:\ProgramData\Brother
2022-04-15 21:47 - 2018-10-15 21:13 - 000000000 ____D C:\Program Files (x86)\Brother
2022-04-15 21:47 - 2013-05-09 12:38 - 000000000 ____D C:\Users\MARK\AppData\Local\Corel_Corporation
2022-04-15 11:54 - 2022-02-08 21:56 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-15 09:31 - 2012-03-20 13:42 - 000000000 ____D C:\Program Files (x86)\Java
2022-04-15 08:24 - 2020-07-03 10:45 - 000001922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-04-15 08:24 - 2020-07-03 10:45 - 000001910 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2022-04-15 08:21 - 2018-11-18 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
2022-04-15 08:21 - 2015-04-03 14:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-04-15 03:01 - 2012-01-21 04:00 - 143823848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-04-14 10:48 - 2020-10-24 20:04 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-14 10:08 - 2009-07-14 01:13 - 000782470 ____C C:\Windows\system32\PerfStringBackup.INI
2022-04-14 10:04 - 2021-07-19 00:11 - 000248992 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-04-14 09:59 - 2012-01-20 18:08 - 000000000 ____D C:\Users\MARK\AppData\Local\ElevatedDiagnostics
2022-04-14 09:50 - 2020-12-20 20:37 - 000000000 ____D C:\ProgramData\F-Secure
2022-04-14 09:28 - 2021-11-16 23:51 - 000003870 ____C C:\Windows\system32\Tasks\CCleaner Update
2022-04-14 09:22 - 2017-05-06 19:29 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-04-14 09:12 - 2011-12-31 15:44 - 000000000 ____D C:\Users\MARK
2022-04-14 09:06 - 2016-03-12 16:25 - 000000000 ____D C:\Users\Administrator
2022-04-11 20:03 - 2018-06-12 14:04 - 000002163 ____C C:\Users\MARK\Desktop\Google Chrome.lnk
2022-04-10 20:32 - 2021-10-18 23:32 - 000000000 ___DC C:\Users\MARK\Desktop\NEW JOB
2022-04-07 00:49 - 2022-03-13 12:48 - 000000000 ___DC C:\Users\MARK\Desktop\AAA HRCCU Car Loan
2022-04-07 00:10 - 2018-10-15 21:21 - 000002050 ____C C:\Users\Public\Desktop\Brother Creative Center.lnk
2022-04-06 18:48 - 2018-10-15 23:52 - 000000000 ___DC C:\Users\MARK\AppData\Roaming\Brother
2022-04-06 18:24 - 2009-07-14 01:32 - 000000000 ___DC C:\Windows\system32\FxsTmp
2022-04-05 22:25 - 2021-12-12 23:53 - 000003380 ____C C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-05 22:25 - 2021-12-12 23:53 - 000003252 ____C C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-29 20:41 - 2015-06-15 18:09 - 000000000 ___DC C:\Users\MARK\Desktop\CB
2022-03-23 23:16 - 2021-03-24 19:10 - 000000000 ___DC C:\Users\MARK\Documents\Easy VHS to DVD Projects

==================== Files in the root of some directories ========

2013-04-29 18:57 - 2013-04-29 18:59 - 000308064 _____ () C:\Users\MARK\AppData\Roaming\CodecsLE_Install.log
2017-08-04 20:04 - 2017-08-04 20:04 - 000000445 _____ () C:\Users\MARK\AppData\Roaming\com.cloudapp.windows.plist
2016-03-13 00:48 - 2021-11-04 15:33 - 000099384 _____ () C:\Users\MARK\AppData\Roaming\inst.exe
2013-11-21 13:22 - 2021-11-04 15:33 - 000007859 _____ () C:\Users\MARK\AppData\Roaming\pcouffin.cat
2013-11-21 13:22 - 2021-11-04 15:33 - 000001167 _____ () C:\Users\MARK\AppData\Roaming\pcouffin.inf
2013-11-21 13:22 - 2021-11-04 15:33 - 000000055 _____ () C:\Users\MARK\AppData\Roaming\pcouffin.log
2013-11-21 13:22 - 2021-11-04 15:33 - 000082816 _____ (VSO Software) C:\Users\MARK\AppData\Roaming\pcouffin.sys
2015-03-21 20:25 - 2015-03-22 13:03 - 000001181 _____ () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.1.txt
2015-03-21 20:25 - 2015-03-21 20:25 - 000001181 _____ () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.2.txt
2015-03-21 20:25 - 2015-03-22 13:09 - 000000919 _____ () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.txt
2015-03-21 20:25 - 2015-03-22 13:09 - 000000000 _____ () C:\Users\MARK\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-02-25 16:24 - 2016-08-03 02:41 - 000007601 _____ () C:\Users\MARK\AppData\Local\resmon.resmoncfg
2013-05-16 15:25 - 2022-02-22 00:59 - 004224000 _____ () C:\Users\MARK\AppData\Local\rx_audio.Cache
2013-02-22 20:31 - 2022-02-22 00:59 - 082116608 _____ () C:\Users\MARK\AppData\Local\rx_image32.Cache
2015-03-15 11:04 - 2015-03-15 11:04 - 000000402 _____ () C:\Users\MARK\AppData\Local\Temp-log.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2022-04-07 14:06
==================== End of FRST.txt ========================
 
#22 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2022
Ran by MARK (16-04-2022 15:42:34)
Running from C:\Users\MARK\Desktop\Fix
Microsoft Windows 7 Home Premium Service Pack 1 (X64) (2011-12-31 19:44:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2130412082-872510349-2259372935-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2130412082-872510349-2259372935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2130412082-872510349-2259372935-1002 - Limited - Enabled)
MARK (S-1-5-21-2130412082-872510349-2259372935-1000 - Administrator - Enabled) => C:\Users\MARK
UpdatusUser (S-1-5-21-2130412082-872510349-2259372935-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Security Suite by F-Secure (Enabled - Up to date) {67E93A7F-FDB2-39E8-E991-EA71E0926EF7}
AS: Security Suite by F-Secure (Enabled - Up to date) {DC88DB9B-DB88-3666-D321-D1039B15244A}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{11CAD2D3-0918-4C25-ADEA-6A2E2D8224D2}) (Version: 4.15.1.4190 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{52c19095-d66a-43cc-a45a-ee9434df7074}) (Version: 4.15.1.4190 - Open Media LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FD52A2FF-4D16-49C4-A2CD-DAC752C18BA2}) (Version: 8.0 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9B061D60-4E2C-4987-BFFD-423E3D477660}) (Version: 8.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
Audacity 3.1.3 (64-bit) (HKLM\...\Audacity_is1) (Version: 3.1.3 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother BRAdmin Light 1.33.0000 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.33.0000 - Brother)
Brother iPrint&Scan (HKLM-x32\...\{46bd4d64-821c-40ef-adac-eeef66e8e43f}) (Version: 10.2.0.96 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{7D80A799-A240-42F6-8DDD-A901B3EEA1CF}) (Version: 10.2.0.96 - Brother Industries, Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{C368A17B-6063-4F7A-AE96-76F9DC48C9DF}) (Version: 1.0.5.1 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{EEA8DF77-9D7E-421A-A9A8-A6E9894A18A3}) (Version: 1.0.3.3 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{815D4CF3-0244-4142-98F8-51E5C7442DB7}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{01A1E3D8-E030-4A0B-B91E-4E1E8E1E02D3}) (Version: 1.0.23.1 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Contents (HKLM-x32\...\{C8A4DA60-6A94-4627-B7C9-DB6223D531FE}) (Version: 1.0.0.146 - Corel Corporation) Hidden
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Corel AfterShot 3 - ICA x64 (HKLM\...\{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM Content x64 (HKLM\...\{3E064BED-C9D8-4BEF-A2EE-8D67E99C3932}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM x64 (HKLM\...\{5059B47C-4D7B-46E9-9D7A-1E2FCF5DDBED}) (Version: 3.0.0.148 - Corel Corporation) Hidden
Corel AfterShot 3(64-bit) (HKLM\...\_{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.0.0.148 - Corel Corporation)
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.146 - Corel Corporation)
Creator NXT 3 Content (HKLM-x32\...\{246D31A0-7B8A-41EA-8E31-33C2F2F26B53}) (Version: 16.0.004 - Roxio) Hidden
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell Resource CD (HKLM-x32\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B2}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 8.3 - DiskInternals Research)
Dokan Library 1.4.1.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0001-210114105723}) (Version: 1.4.1.1000 - Dokany Project) Hidden
Dokan Library 1.4.1.1000 Bundle (HKLM-x32\...\{9af3b5e1-ed1b-48df-a34f-22fa6bcc4b04}) (Version: 1.4.1.1000 - Dokany Project)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
EaseUS Tool M 1.0 (HKLM-x32\...\D72C2F7D-B75E-4641-AFBE-199B95066617_is1) (Version: - EaseUS)
ExpressVPN (HKLM-x32\...\{367236cf-79aa-49c6-9982-8bd5637442ac}) (Version: 10.11.0.13 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8767D783E}) (Version: 10.11.0.13 - ExpressVPN) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Graboid Video 3.89 (HKLM-x32\...\Graboid Video) (Version: 3.89 - Graboid Inc.)
HandBrake 1.4.2 (HKLM-x32\...\HandBrake) (Version: 1.4.2 - )
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HttpToUsbBridge (HKLM-x32\...\{6FF1DBC1-A313-460D-B1F2-6444D2F01DEE}) (Version: 2.0.18.1 - Brother Industries Ltd.)
ICA (HKLM-x32\...\{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.146 - Corel Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
IPM_Common_x64 (HKLM\...\{B8C05FFE-C36F-4F17-AD20-739E4BC65AC9}) (Version: 2.14.626 - Your Company Name) Hidden
IPM_VS_Pro (HKLM-x32\...\{126FB9B0-85B6-476A-AF26-BE008D8DFC53}) (Version: 1.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{E6FF3475-A35E-481F-8A8E-3D73CF3A30A1}) (Version: 12.10.11.2 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
LabelCreator (HKLM-x32\...\{B8C23400-237A-40F2-854C-9846DF568075}) (Version: 1.00.0000 - Corel Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.12.8.0 - Logitech Europe S.A.)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Mega Solitaire (HKLM-x32\...\Mega Solitaire) (Version: - )
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.39 - Microsoft Corporation)
Microsoft Excel 97 (HKLM-x32\...\Excel) (Version: - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook 97 (HKLM-x32\...\Outlook) (Version: - )
Microsoft SkyDrive (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM-x32\...\{c34fb08d-bd27-4d0b-a7bc-f7d5359f9518}) (Version: 5.0.16.31121 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Nuance PaperPort 14 (HKLM-x32\...\{6CC9391F-D441-4D2E-9ECC-1F7084C733ED}) (Version: 14.5.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer SE (HKLM-x32\...\{7BAC9170-359D-4EAD-B6E4-238A14940C11}) (Version: 7.20.3230 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.3 - OBS Project)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 3.1.1.3 - GeoComply)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealProducer Plus 8.5 (HKLM-x32\...\RealProducer 8.5) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator NXT 3 (HKLM-x32\...\{7B4B9450-39C8-454A-AA2D-6548EE4D21EB}) (Version: 16.0.45.9 - Roxio)
Roxio Creator NXT 3 Content (HKLM-x32\...\{2DF5BF6E-D32C-4B81-9012-F62B58AFF819}) (Version: 1.0.4.0 - Roxio)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Easy VHS to DVD Plus (HKLM-x32\...\{532D3949-121B-43C1-8C29-783683525F1B}) (Version: 4.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Roxio Game Capture HD PRO (HKLM-x32\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 2.0 - Roxio)
Roxio MyDVD (HKLM\...\{8E67EEF1-B9D0-42D0-B259-72EF1D4BE4E4}) (Version: 3.0.114.0 - Corel Corporation) Hidden
Roxio MyDVD (HKLM-x32\...\{2AB256B6-DD96-4982-AD46-5DC7B20BA7EF}) (Version: 3.0 - Corel)
Roxio Virtual Drive x64 (HKLM\...\{632DCE79-2711-4B07-BB89-DA763E96840C}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Security Suite (HKLM-x32\...\{235B3536-A54E-4072-905F-FEFC431CEB2C}) (Version: 18.2 - F-Secure Corporation)
Setup (HKLM-x32\...\{F2BACD4C-71F0-487C-AC11-247833494E52}) (Version: 1.0.0.146 - Corel Corporation) Hidden
Share (HKLM-x32\...\{4AA35E5E-F12E-4CC9-92CD-049AF647841B}) (Version: 1.0.0.146 - Corel Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmartGPS Eco (HKLM-x32\...\{F0DF2A34-80D0-477C-8718-7E665341FA55}) (Version: 3.0.0.00 - MiTAC Digital Corp.)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SoftwareUpdateNotification (HKLM-x32\...\{013A706A-C8FA-4F56-8641-B8C792BB3CEE}) (Version: 1.0.18.0 - Brother Industries, Ltd.) Hidden
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpyroPortalDriver (HKLM\...\{B2913230-094D-4F41-9EEF-CE9571C450D8}) (Version: 1.0.0 - FS)
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc)
The Roku Channel (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\2b3d5ba84e9607495327652aa211a3af) (Version: 1.0 - Google\Chrome)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
USB2.0 ATV (HKLM-x32\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)
USB2.0 ATV (HKLM-x32\...\USB2.0 ATV) (Version: - )
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony)
VirtualDJ Home FREE (HKLM-x32\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
VSClassic (HKLM-x32\...\{3342D238-E332-43BB-B406-C6EE82273708}) (Version: 1.0.0.146 - Corel Corporation) Hidden
VSO ConvertXtoHD 3 (HKLM-x32\...\{57ED9A08-896E-4FD1-A5D8-651D0790DA5A}_is1) (Version: 3.0.0.71 - VSO Software)
VSPro (HKLM-x32\...\{6AA550DB-4863-44C7-863F-4F4C7D13649F}) (Version: 1.0.0.146 - Corel Corporation) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 26.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}) (Version: 26.0.15033 - Corel Corporation)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare Streaming Audio Recorder(Build 2.0.2.3) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.0.2.3 - Wondershare Software Co.,Ltd.)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zoom (HKU\S-1-5-21-2130412082-872510349-2259372935-1000\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 3\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation -> Corel Corporation)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\MARK\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\MARK\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{ea49acd6-0f0e-5ff1-89c4-30eda3d53b62}\InprocServer32 -> C:\Users\MARK\AppData\Roaming\MiTAC Digital Corporation\mgnContentManager\3.0.0.00\npmgnContentManager64.dll (MiTAC International Corporation -> MiTAC Digital Corp.)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\MARK\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2130412082-872510349-2259372935-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\MARK\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\Charter Security Suite\FsShellExtension64.dll [2022-03-24] (F-Secure Corporation -> F-Secure Corporation)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2012-07-05] (Corel Corporation -> )
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-08-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers1_S-1-5-21-2130412082-872510349-2259372935-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers2_S-1-5-21-2130412082-872510349-2259372935-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers6_S-1-5-21-2130412082-872510349-2259372935-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation -> Corel Corporation)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\pdvcodec.dll [265797 2010-03-12] (Matsushita Electric Industrial Co., Ltd.) [File not signed]
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-13] (Microsoft Windows -> Intel Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\MARK\Desktop\Gab Social.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=neielcniaeobgbeebfdmpmcoefchbipl
ShortcutWithArgument: C:\Users\MARK\Desktop\The Roku Channel.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=igmabefcbafcdmlnijleipocglddpnbn
ShortcutWithArgument: C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Camera.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hfhhnacclhffhdffklopdkcgdhifgngh
ShortcutWithArgument: C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gab Social.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=neielcniaeobgbeebfdmpmcoefchbipl
ShortcutWithArgument: C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\The Roku Channel.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=igmabefcbafcdmlnijleipocglddpnbn

==================== Loaded Modules (Whitelisted) =============

2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 ____C () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-03-22 17:21 - 2021-12-06 11:05 - 000542720 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2021-10-28 17:12 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2021-10-28 17:12 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-04-05 09:53 - 2019-07-26 09:53 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2017-01-27 15:39 - 2017-08-18 12:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2017-01-27 15:39 - 2017-08-18 12:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2017-01-27 15:33 - 2018-04-27 10:16 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2017-04-05 09:53 - 2019-07-26 09:54 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2018-10-15 21:47 - 2005-04-22 13:36 - 000143360 ____C () [File not signed] C:\Windows\system32\BrSNMP64.dll
2009-12-09 11:24 - 2009-12-09 16:24 - 001371648 _____ () [File not signed] C:\Windows\System32\dleacomc.dll
2009-12-09 11:24 - 2009-12-09 16:24 - 000892416 _____ () [File not signed] C:\Windows\System32\dlealmpm.DLL
2011-12-31 15:54 - 2009-11-04 09:18 - 000189440 _____ () [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2012-12-05 12:29 - 2012-12-05 12:29 - 004883456 ____C (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\BCGCBPRO1100u100.dll
2012-12-05 12:29 - 2012-12-05 12:29 - 000036864 ____C (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2016-04-12 11:07 - 2016-04-12 11:07 - 000067584 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\AppLogLib\BrBFLogI.dll
2018-10-15 21:47 - 2016-11-01 11:27 - 000090112 ____C (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2013-08-09 15:37 - 2013-08-09 15:37 - 001331480 _____ (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2016-09-29 19:59 - 2014-03-04 15:06 - 000180224 ____C (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMBM1E.DLL
2021-10-28 17:12 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2130412082-872510349-2259372935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\browser\fs_ie_https\fs_ie_https64.dll [2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\Ultralight\http\1647346890\browser\fs_ie_https\fs_ie_https.dll [2022-04-14] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation -> Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-12-19 21:18 - 2021-12-19 21:18 - 000000355 ____C C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2130412082-872510349-2259372935-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MARK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2130412082-872510349-2259372935-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MARK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MARK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MARK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.8.2\AOL.EXE" -b
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: dlbamon.exe => "C:\Program Files (x86)\Dell AIO Printer A940\dlbamon.exe"
MSCONFIG\startupreg: EaseUS FixTool => "C:\Program Files (x86)\EaseUS\EaseUS Tool M\bin\EaseUS Tool M.exe" autostart
MSCONFIG\startupreg: EasyHideIPVPN => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
MSCONFIG\startupreg: Google Update => "C:\Users\MARK\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1429832463\ee\AOLSoftware.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => c:\program files (x86)\real\RealDownloader\downloader2.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: RunDLLEntry_EptMon => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MSCONFIG\startupreg: RunDLLEntry_THXCfg => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F21C0BCE-65B5-40EC-A390-F937741C1851}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{A42FFD40-7349-455F-AD40-CD2B2CCD210F}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-04-2022 22:04:40 Installed WinZip 26.0.
06-04-2022 18:12:29 Brother iPrint&Scan
11-04-2022 13:47:17 Restore Operation
11-04-2022 16:58:42 Windows Update
13-04-2022 00:06:19 Windows Update
13-04-2022 11:50:35 Windows Update
13-04-2022 12:12:15 Windows Update
14-04-2022 00:34:19 Restore Operation
14-04-2022 03:00:12 Windows Update
14-04-2022 08:46:09 Restore Operation
14-04-2022 09:47:04 Removed Security Suite
14-04-2022 10:17:45 Restore Operation
14-04-2022 14:54:05 Windows Update
15-04-2022 03:00:35 Windows Update
15-04-2022 09:28:02 Removed JavaFX 2.1.1
15-04-2022 21:04:25 Restore Operation
16-04-2022 13:08:51 Removed Java 8 Update 321 (64-bit)
16-04-2022 13:12:48 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (04/16/2022 01:25:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2022 01:24:56 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (04/16/2022 01:24:56 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (04/16/2022 01:24:56 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (04/16/2022 01:24:56 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (04/16/2022 01:24:56 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[4]: 192.168.1.54

Error: (04/16/2022 01:24:56 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[3]: 2603:7080:ba01:366c:d9bb:3be4:6486:d339

Error: (04/16/2022 01:24:56 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[2]: 2603:7080:ba01:366c:99c:936:b543:5921

System errors:
=============
Error: (04/16/2022 03:46:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (04/16/2022 03:32:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/16/2022 03:32:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/16/2022 02:32:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/16/2022 02:32:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/16/2022 02:00:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/16/2022 02:00:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/16/2022 01:44:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Windows Defender:
================
Date: 2012-12-06 12:38:35.266
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Event[0]:

Date: 2017-07-10 23:19:38.373
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2016-09-29 11:39:42.279
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2013-04-10 17:02:44.289
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2013-04-07 15:20:31.801
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2013-04-03 21:06:50.287
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

==================== Memory info ===========================

BIOS: Dell Inc. A06 10/17/2011
Motherboard: Dell Inc. 0Y2MRG
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 69%
Total physical RAM: 14318.45 MB
Available physical RAM: 4331.31 MB
Total Virtual: 28635.04 MB
Available Virtual: 6414.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:116.72 GB) NTFS

\\?\Volume{7c551ac4-2d3e-11e1-bf29-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:13.25 GB) (Free:2.56 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AC289F96)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 