Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by Rick (administrator) on HAL (Acer Aspire TC-605) (08-05-2024 19:26:34)
Running from C:\Users\Rick\Desktop\FRST64.exe
Loaded Profiles: Rick
Platform: Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logi_crashpad_handler.exe <2>
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(explorer.exe ->) (Ashampoo GmbH & Co. KG -> Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Taskbar Customizer\ATBCustomizer.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) () [File not signed] C:\Program Files\Atomic Alarm Clock\timeserv.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(services.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.2.0\ABService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.24.3.2\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.24.3.2\nsWscSvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1792256 2023-06-23] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [UPSmart2000R] => C:\Program Files (x86)\UPSmart2000R\UPSmart2000R.exe [1721856 2011-06-21] () [File not signed]
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-25] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-25] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [5321728 2016-08-16] () [File not signed]
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [Avanquest Message] => C:\Users\Rick\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [603504 2021-07-05] (Avanquest Software SAS -> Avanquest Software)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1572200 2021-12-08] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-25] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [MicrosoftEdgeAutoLaunch_EF09251048DD056187DB9D41D3C2F7EB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [Ashampoo Taskbar Customizer] => C:\Program Files (x86)\Ashampoo\Ashampoo Taskbar Customizer\ATBCustomizer.exe [3351464 2019-09-26] (Ashampoo GmbH & Co. KG -> Ashampoo Development GmbH & Co. KG)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45380000 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\MountPoints2: {11745b8d-56ec-11ea-add2-40f02f1b2390} - "D:\HPLauncher.exe" 
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-25] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS9500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDER.DLL [529408 2020-06-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: CNCALBL.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\WINDOWS\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS9100 series: CNMLMDN.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS9500 series: C:\WINDOWS\system32\CNMLMER.DLL [950272 2020-06-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-100 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMIGE.DLL [120320 2014-12-04] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\124.0.6367.119\Installer\chrmstp.exe [2024-05-03] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\124.1.65.126\Installer\chrmstp.exe [2024-05-02] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Luminar Neo.lnk [2023-10-21]
ShortcutTarget: Luminar Neo.lnk -> C:\Program Files\Skylum\Luminar Neo\Luminar Neo.exe (Skylum Software USA, Inc. -> Skylum)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2020-10-10]
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (American Greetings, Inc. -> Webshots.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2020-08-18]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D3FD145-F67A-4D5B-866F-E78EF6D2321B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2023-11-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C3EF17CF-0130-44B7-9BBE-7D9F06AA618E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {BCFBCFB0-70B0-47B4-B4A1-D88C3F158B0F} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0DBB4385-3352-4D85-B24E-D654410E2ECB} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {175605D2-8C58-42A2-90CB-386F13AAF1C4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {E7224AAF-2B73-4117-B1EA-80CE13F5AB33} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {6F60D23C-42FE-44CD-89E3-C42E5E5AAB1F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "dcf4fcfc-891a-4d06-bd17-5af257bb5e05" --version "6.23.11010" --silent
Task: {68BF869C-4A66-4BB7-841B-35158114BECB} - System32\Tasks\CCleanerSkipUAC - Rick => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {51385BC8-6F76-4FA7-97E1-C480436221B2} - System32\Tasks\DuplicatePhotoCleaner => C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe [7131408 2022-12-07] (Webminds, Inc. -> Webminds, Inc.)
Task: {DC64B245-D027-418F-9B3A-CCC797766EB8} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6441.0{6FA1621E-9F25-44AE-8AD3-C31A3E355D08} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
Task: {EE80212A-CE47-44DD-873C-C9754401E075} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {54B2EFEB-1ADC-46A5-92C7-B64CACC3E4B9} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-256949468-1460428694-2583359438-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {D122626C-4277-4FED-A7C3-998B28F92973} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-04-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {104CA619-8E13-4B95-A19D-A490C700B115} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.24.3.2\symerr.exe [379024 2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {E561E097-05FC-4529-B6D1-B518457A41B3} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.24.3.2\symerr.exe [379024 2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {21145954-9ABB-4B18-80E6-841374652EF6} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.24.3.2\symerr.exe [379024 2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {0194DEC8-DAFC-4936-B3F9-46258074BC0F} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe  /ui (No File)
Task: {2BDB19C3-EF96-4098-AE13-7AB70E153421} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe  /analyze (No File)
Task: {A91EE356-DE0A-40DA-BE57-695FDCC4B667} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe  /submit (No File)
Task: {2964EC9E-A7D8-4A17-A7BC-7E293C23C251} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.24.3.2\WSCStub.exe [646520 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {3500DB66-7249-492D-A607-16686E850D39} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2021-09-09] () [File not signed]
Task: {97AFCCB1-6A02-4653-8D99-EBBBCF0B639F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [469952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvContainer\-d "C:\Program Files (x86)\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {AF63EC5D-3FDC-4A94-A5A8-866371F7740C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1F493D6D-2C88-4103-81D8-7EEF1920350B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1A752B1B-56D1-4C68-B5C7-228133B40A75} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [976832 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {945FB4D6-6BF4-4E70-B59F-744473806AD9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {64537EEC-2771-4242-A7F5-88D30912B1EA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E6D6B4C-4A1A-406C-ACEB-E424D04B8716} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ED984D0E-F8E1-4B5E-9BCE-DE993B9AD3C9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {95928CAF-74AD-44E8-B6AA-39CA7AF65E64} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {B7464592-8E28-463C-A92A-6CB5CC7D7CCD} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe  -> C:\Program Files\Norton Utilities Premium\-appexecutable nup.exe -tuds
Task: {6F8318DB-663F-47BC-85A8-B4201212E00A} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [24432 2015-09-18] (X-Rite Incorporated -> X-Rite Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7a6bdbe5-4a2d-41bb-9716-f163a14c067c}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7a6bdbe5-4a2d-41bb-9716-f163a14c067c}: [DhcpDomain] gateway
Tcpip\..\Interfaces\{bea8e2f7-34fe-471f-b613-68f988580f8e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{bea8e2f7-34fe-471f-b613-68f988580f8e}: [DhcpDomain] gateway

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-07]
Edge StartupUrls: Default -> "hxxps://www.google.com.au/"
Edge NewTab: Default -> "active": false,
            "entry": "chrome-extension://okplngpklcjmpdemleibnhidjihcobef/homePageRedirect.html"
          
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2024-04-07]
Edge Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-30]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-14]
Edge Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikkagnliefbhcdgnnhfidhhbocdhkdeb [2024-03-26]
Edge Extension: (Edge relevant text changes) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26]
Edge Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2024-02-17]
Edge Extension: (Norton Home Page) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okplngpklcjmpdemleibnhidjihcobef [2024-04-06]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: jqfpk2wu.default
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\jqfpk2wu.default [2023-06-14]
FF Homepage: Mozilla\Firefox\Profiles\jqfpk2wu.default -> hxxp://search.notepad.com
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release [2024-05-08]
FF Homepage: Mozilla\Firefox\Profiles\7c9zc584.default-release -> moz-extension://ca29783f-f692-4eef-bde9-edcc988830ba/homePage.html
FF HomepageOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: nortonsafesearch_ul_2@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: amazon@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: wikipedia@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: ebay@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: ddg@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: bing@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: google@search.mozilla.org
FF Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\idsafe@norton.com.xpi [2023-05-02]
FF Extension: (Norton Home Page) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\nortonhomepage@symantec.com.xpi [2023-05-02] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2023-01-03] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2023-01-24]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-05-26]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.9.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2019-03-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2024-05-08]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.instagram.com
CHR HomePage: Default -> hxxps://wwwgoogle.com.au/webhp?cr=countryAU&tbs=ctr:countryAU&pli=1
CHR StartupUrls: Default -> "hxxps://www.google.com.au/webhp?hl=en&sa=X&ved=0ahUKEwjMxeOmhdz2AhUdx4sBHb2tBswQPAgI"
CHR NewTab: Default ->  Not-active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html", Not-active:"chrome-extension://eoigllimhcllmhedfbmahegmoakcdakd/homePageRedirect.html"
CHR Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2024-04-18]
CHR Extension: (DuckDuckGo) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-03-14]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2020-02-07]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoigllimhcllmhedfbmahegmoakcdakd [2023-05-10]
CHR Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2024-04-06]
CHR Extension: (APK Downloader) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\glngapejbnmnicniccdcemghaoaopdji [2024-03-05]
CHR Extension: (Tomba - Email Finder & Email Extractor Plus) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjegjggphchjckknoooajmklibccjb [2024-04-30]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-11]
CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-21]
CHR Extension: (Norton Home Page) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2024-04-05]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2024-04-05]
CHR Extension: (Save Image As PNG) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkokmeaibnajheohncaamjggkanfbphi [2022-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-17]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-05-07]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\System Profile [2024-05-07]
CHR HKU\S-1-5-21-256949468-1460428694-2583359438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-256949468-1460428694-2583359438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKU\S-1-5-21-256949468-1460428694-2583359438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-256949468-1460428694-2583359438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-05-08]
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (Google Translate) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-03-23]
BRA Extension: (Tampermonkey) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-05-05]
BRA Profile: C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1 [2024-05-07]
BRA Extension: (Tampermonkey) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-01-15]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-15]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-05-08]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-05-08]
BRA Extension: (Brave NTP background images) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-05]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-05-08]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-22]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-05-08]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-11-22]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-08-16]
BRA Extension: (Brave User Model Installer) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-03-20]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-04-29]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\hlcinbnbfgoealjpgmoacabdkapmjjfj [2024-05-08]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-05-08]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-15]
BRA Extension: (Brave Ads Resources) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\kklfafolbojbonkjgifmmkdmaaimminj [2024-03-01]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-05-05]
BRA Extension: (Brave Ads Resources) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2024-01-29]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-29]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2023-11-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
R2 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.2.0\ABService.exe [1102328 2023-02-24] (AOMEI International Network Limited -> AOMEI International Network Limited)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService1da293feac00bfa; C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\124.1.65.126\elevation_service.exe [2680344 2024-05-01] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [144784 2018-04-18] (Canon Inc. -> CANON INC.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2433528 2024-02-01] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 GoogleUpdaterInternalService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
S3 hasplms; C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe [5730312 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-31] (Logitech -> Logitech, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NativePushService; C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [595352 2023-08-22] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.24.3.2\NortonSecurity.exe [344888 2024-04-05] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.24.3.2\nsWscSvc.exe [1059176 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [18135808 2023-11-17] (Logitech Inc -> Logitech, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
S3 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2015-09-18] (X-Rite Incorporated -> X-Rite Inc.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksdf; C:\WINDOWS\system32\drivers\aksdf.sys [389560 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [510800 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.)
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2019-05-14] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [172928 2023-04-13] (AOMEI International Network Limited -> )
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [32176 2023-04-13] (AOMEI International Network Limited -> )
S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.23.1.21\Definitions\BASHDefs\20240507.001\BHDrvx64.sys [1706496 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\ccSetx64.sys [198288 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527832 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2023-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 EUDCPOTG; C:\WINDOWS\System32\drivers\EUDCPOTG.sys [77904 2023-05-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKOTG; C:\WINDOWS\system32\drivers\EUEDKOTG.sys [25200 2023-05-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EyeOneDisplay; C:\WINDOWS\System32\Drivers\i1display_x64.sys [15016 2013-06-21] (X-Rite Incorporated -> GretagMacbeth LLC)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1970104 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.23.1.21\Definitions\IPSDefs\20240507.064\IDSvia64.sys [1554432 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2021-02-23] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2021-02-23] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2021-02-23] (Logitech Inc -> Logitech)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [72792 2021-12-01] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\nsvst.sys [57120 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\SRTSP64.SYS [960640 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\SRTSPX64.SYS [52864 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\SYMEFASI64.SYS [2180248 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\SymELAM.sys [36016 2024-04-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100344 2023-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.23.1.21\SymPlatform\SymEvnt.sys [934912 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\Ironx64.SYS [306872 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\symnets.sys [492720 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [41400 2020-11-16] (McAfee, LLC. -> The OpenVPN Project)
S2 Vcs; C:\WINDOWS\SysWOW64\Drivers\Vcs.sys [6852 2010-12-02] () [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-31] (Microsoft Windows -> Microsoft Corporation)
R2 WinI2C-DDC; C:\WINDOWS\system32\drivers\DDCDrv.sys [20832 2018-08-13] (PC Micro Systems Inc. -> Nicomsoft Ltd.)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\wpCtrlDrv.sys [1016792 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S1 netfilter2; system32\drivers\netfilter2.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-08 19:26 - 2024-05-08 19:27 - 000049964 _____ C:\Users\Rick\Desktop\FRST.txt
2024-05-08 19:25 - 2024-05-08 19:26 - 000000000 ____D C:\FRST
2024-05-08 16:25 - 2024-05-08 16:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2024-05-08 15:56 - 2024-05-08 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-05-08 06:11 - 2024-05-08 06:11 - 002394112 _____ (Farbar) C:\Users\Rick\Desktop\FRST64.exe
2024-05-07 23:15 - 2024-05-07 23:15 - 000267312 _____ C:\WINDOWS\system32\lc.dat
2024-05-07 16:45 - 2024-05-07 16:45 - 000545545 _____ C:\Users\Rick\Documents\Publication1.pdf
2024-05-05 00:22 - 2024-05-08 15:56 - 000008192 ___SH C:\DumpStack.log.tmp
2024-05-02 16:18 - 2024-05-02 16:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-05-01 04:36 - 2024-05-01 04:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-04-30 03:52 - 2024-04-30 03:52 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-256949468-1460428694-2583359438-1001
2024-04-30 03:52 - 2024-04-30 03:52 - 000002379 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-25 18:44 - 2024-04-30 04:05 - 000000000 ____D C:\Users\Rick\Desktop\1
2024-04-24 01:11 - 2024-04-24 01:11 - 000000000 ____D C:\Voiceover
2024-04-24 01:05 - 2024-04-24 22:42 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2024-04-22 04:21 - 2024-04-22 04:29 - 000000000 ____D C:\Users\Rick\AppData\Local\Vistaprint.au Photo Books
2024-04-22 04:21 - 2024-04-22 04:21 - 000000000 ____D C:\Users\Rick\AppData\Local\apc.exe.WebView2
2024-04-20 15:56 - 2024-04-20 15:56 - 000000000 ____D C:\Program Files (x86)\Flip PDF
2024-04-18 22:19 - 2024-04-19 19:43 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-18 22:19 - 2024-04-18 22:19 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-04-18 22:19 - 2024-04-18 22:19 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-04-17 01:14 - 2024-05-03 01:14 - 000000000 ____D C:\Users\Rick\AppData\Roaming\CompuClever
2024-04-13 17:23 - 2024-04-13 17:28 - 000000010 _____ C:\WINDOWS\Wininit.ini
2024-04-13 17:23 - 2024-04-13 17:23 - 000000024 _____ C:\WINDOWS\Au1tgr.ns
2024-04-13 17:23 - 2024-04-13 17:23 - 000000000 ____D C:\WINDOWS\Noslip
2024-04-13 03:55 - 2024-05-08 16:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2024-04-13 03:55 - 2024-04-13 04:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2024-04-13 03:55 - 2024-04-13 03:55 - 000003374 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2024-04-10 13:56 - 2024-04-10 13:56 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-10 13:56 - 2024-04-10 13:56 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-10 13:47 - 2024-04-10 13:47 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-08 19:26 - 2023-01-20 20:03 - 000000000 ____D C:\Program Files\CCleaner
2024-05-08 19:25 - 2020-02-18 13:55 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Publisher Building Blocks
2024-05-08 19:18 - 2023-07-29 23:29 - 000000000 ____D C:\Users\Rick\AppData\Local\Norton
2024-05-08 19:17 - 2020-02-18 13:54 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Publisher
2024-05-08 19:07 - 2021-12-17 22:55 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-08 18:51 - 2023-02-04 14:13 - 000000000 ____D C:\Users\Rick\AppData\Local\LogiOptionsPlus
2024-05-08 18:40 - 2020-10-10 05:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-05-08 16:04 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-08 16:04 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-08 16:03 - 2020-10-10 05:30 - 000005772 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-08 16:03 - 2020-10-10 05:27 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3711FA49-9F56-4A78-9607-6108E536D6A6}
2024-05-08 16:02 - 2020-01-31 12:37 - 000000000 ____D C:\ProgramData\NVIDIA
2024-05-08 15:56 - 2023-04-13 22:55 - 000000432 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2024-05-08 15:56 - 2020-10-10 05:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-08 15:56 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-08 06:56 - 2019-12-07 19:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-05-08 06:32 - 2020-02-08 18:09 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Excel
2024-05-08 06:32 - 2020-02-06 11:54 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Word
2024-05-07 15:36 - 2020-01-31 12:34 - 000000000 ____D C:\Users\Rick\AppData\Local\Packages
2024-05-07 15:34 - 2020-01-31 14:57 - 000000000 ____D C:\Users\Rick\Documents\CCleaner
2024-05-07 15:32 - 2023-10-14 06:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-05-07 15:32 - 2019-12-07 19:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-05-07 15:32 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2024-05-07 15:27 - 2020-10-10 05:27 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-07 15:27 - 2020-10-10 05:27 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-07 15:24 - 2019-12-07 19:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-05-07 15:22 - 2021-06-12 19:32 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\IGDump
2024-05-06 22:28 - 2021-11-18 12:59 - 000000000 ____D C:\Program Files\Remo ONE
2024-05-06 22:27 - 2021-11-18 11:26 - 000000000 ____D C:\Program Files (x86)\Remo Repair Word 2.0
2024-05-06 17:48 - 2020-02-06 16:33 - 000000000 ____D C:\Users\Rick\AppData\Local\D3DSCache
2024-05-05 23:45 - 2020-02-06 09:35 - 000000000 ____D C:\Users\Rick\AppData\Roaming\vlc
2024-05-05 22:51 - 2020-02-18 17:37 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\PowerPoint
2024-05-05 21:38 - 2023-04-19 07:22 - 000000000 ____D C:\Users\Rick\AppData\Roaming\flashpoint-launcher
2024-05-05 21:04 - 2023-10-31 05:36 - 000000000 ____D C:\Flashpoint
2024-05-05 19:16 - 2021-03-05 15:49 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Norton
2024-05-05 19:14 - 2022-03-08 23:08 - 000000000 ____D C:\WINDOWS\Minidump
2024-05-05 17:12 - 2020-02-06 11:54 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Office
2024-05-05 14:58 - 2020-03-16 23:14 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-05 14:41 - 2020-04-05 13:59 - 000000000 __SHD C:\Users\Rick\IntelGraphicsProfiles
2024-05-05 05:54 - 2023-09-05 14:32 - 000002800 _____ C:\Users\Rick\Desktop\Daily.lnk
2024-05-05 01:11 - 2024-03-08 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2024-05-05 00:11 - 2020-10-09 22:37 - 000000000 ____D C:\Users\Rick
2024-05-04 16:18 - 2021-01-16 15:37 - 000000000 ____D C:\ProgramData\CanonIJPLM
2024-05-03 23:44 - 2024-03-08 02:25 - 000000342 _____ C:\WINDOWS\system32\log
2024-05-03 15:05 - 2020-02-06 09:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-05-03 02:38 - 2020-02-06 09:28 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-02 22:51 - 2023-05-02 19:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-05-02 22:51 - 2022-02-19 15:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-05-02 22:51 - 2020-02-06 09:30 - 000000974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-05-02 15:08 - 2020-02-08 15:24 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-05-01 04:36 - 2020-02-06 09:28 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-30 03:52 - 2021-12-13 16:41 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-256949468-1460428694-2583359438-1001
2024-04-29 19:30 - 2020-01-31 13:11 - 000000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2024-04-26 05:56 - 2021-03-31 19:38 - 000000000 ____D C:\ProgramData\NCH Software
2024-04-26 05:56 - 2020-10-08 14:37 - 000000000 ____D C:\Users\Rick\AppData\Roaming\NCH Software
2024-04-26 05:54 - 2020-10-10 05:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2024-04-25 18:45 - 2020-04-11 15:27 - 000000000 ____D C:\Program Files\Recuva
2024-04-25 07:10 - 2021-05-01 03:06 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2024-04-25 07:10 - 2021-01-22 03:41 - 000000000 ____D C:\ProgramData\Ashampoo
2024-04-25 07:10 - 2020-03-28 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2024-04-25 05:37 - 2021-09-22 03:01 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-04-25 05:37 - 2021-09-22 03:01 - 000001979 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-04-25 05:37 - 2021-09-22 03:01 - 000001979 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-04-25 05:37 - 2021-09-22 03:01 - 000001967 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-04-24 22:42 - 2021-02-05 21:03 - 000000000 ____D C:\Users\Rick\AppData\Local\Wondershare
2024-04-24 22:19 - 2021-02-05 21:01 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2024-04-24 01:11 - 2021-02-05 21:08 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Wondershare
2024-04-24 01:09 - 2021-02-05 21:03 - 000000000 ____D C:\ProgramData\Wondershare
2024-04-22 04:42 - 2024-01-04 19:41 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pixum Photo World
2024-04-22 04:42 - 2024-01-04 19:31 - 000000000 ____D C:\Program Files\Pixum
2024-04-22 00:49 - 2020-02-29 18:32 - 000000000 ____D C:\Users\Rick\AppData\Roaming\dvdcss
2024-04-21 07:16 - 2020-06-30 14:58 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Temp
2024-04-21 06:30 - 2024-01-04 14:55 - 000000000 ____D C:\Users\Rick\Documents\Photobook Designer Projects
2024-04-20 15:56 - 2021-08-09 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flip PDF
2024-04-20 07:09 - 2022-03-07 15:44 - 000000000 ____D C:\Users\Rick\AppData\Roaming\FlipPDFPlusPro
2024-04-18 17:57 - 2021-12-02 12:41 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Ability5
2024-04-16 19:15 - 2020-03-04 17:49 - 000001456 _____ C:\Users\Rick\AppData\Local\Adobe Save for Web 13.0 Prefs
2024-04-13 17:27 - 2020-02-06 09:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2024-04-13 05:35 - 2020-02-07 20:58 - 000000000 ____D C:\Program Files\Common Files\AV
2024-04-13 03:55 - 2023-03-23 22:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2024-04-11 04:41 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-11 01:41 - 2020-01-31 13:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-11 01:37 - 2020-01-31 13:19 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-11 01:00 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-11 00:54 - 2023-12-14 05:42 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-11 00:54 - 2023-08-02 13:44 - 005211848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-11 00:54 - 2020-10-09 22:24 - 000000000 ____D C:\WINDOWS\en-GB
2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-10 17:58 - 2020-01-31 12:50 - 000000000 ____D C:\ProgramData\Packages
2024-04-10 17:58 - 2020-01-31 12:34 - 000000000 ____D C:\Users\Rick\AppData\Local\Publishers
2024-04-10 13:59 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-10 13:56 - 2020-10-10 05:23 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-09 01:02 - 2020-10-10 05:27 - 000003784 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2024-04-09 01:02 - 2020-10-10 05:27 - 000003660 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-10-28 14:15 - 2022-08-10 23:12 - 000000132 _____ () C:\Users\Rick\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2020-12-07 17:51 - 2024-02-16 18:04 - 000000132 _____ () C:\Users\Rick\AppData\Roaming\Adobe BMP Format CS6 Prefs
2021-02-21 15:16 - 2021-02-21 15:16 - 000000132 _____ () C:\Users\Rick\AppData\Roaming\Adobe GIF Format CS6 Prefs
2020-03-12 16:23 - 2023-09-02 23:37 - 000000132 _____ () C:\Users\Rick\AppData\Roaming\Adobe PNG Format CS6 Prefs
2023-08-14 21:46 - 2023-08-14 21:46 - 000000025 _____ () C:\Users\Rick\AppData\Roaming\alsoft.ini
2020-10-06 15:28 - 2020-10-06 15:28 - 000000673 _____ () C:\Users\Rick\AppData\Roaming\Contact Sheet II.xml
2020-10-06 15:28 - 2020-10-06 15:29 - 000007452 _____ () C:\Users\Rick\AppData\Roaming\ContactSheetII.log
2020-04-20 11:35 - 2024-02-13 21:38 - 000004970 _____ () C:\Users\Rick\AppData\Roaming\event.log
2022-10-10 14:45 - 2022-10-10 14:45 - 000000112 _____ () C:\Users\Rick\AppData\Roaming\mxPaint.br
2022-10-10 14:45 - 2022-10-10 14:45 - 000000112 _____ () C:\Users\Rick\AppData\Roaming\mxPaint.col
2022-10-10 14:45 - 2022-10-10 14:45 - 000000112 _____ () C:\Users\Rick\AppData\Roaming\mxPaint.gr
2024-01-06 05:47 - 2024-01-06 05:47 - 000003072 _____ () C:\Users\Rick\AppData\Roaming\Photobook Designer Prefsv3
2024-01-06 05:37 - 2024-01-06 05:37 - 000003072 _____ () C:\Users\Rick\AppData\Roaming\PhotobookShop.com.au Prefsv2021
2020-03-04 17:49 - 2024-04-16 19:15 - 000001456 _____ () C:\Users\Rick\AppData\Local\Adobe Save for Web 13.0 Prefs
2023-10-27 14:28 - 2024-04-06 18:11 - 000008192 _____ () C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2022-04-08 23:25 - 2022-04-08 23:26 - 000005072 _____ () C:\Users\Rick\AppData\Local\krita-sysinfo.log
2022-04-08 23:25 - 2022-04-08 23:27 - 000000834 _____ () C:\Users\Rick\AppData\Local\krita.log
2022-04-08 23:27 - 2022-04-08 23:27 - 000000039 _____ () C:\Users\Rick\AppData\Local\kritadisplayrc
2022-04-08 23:25 - 2022-04-08 23:27 - 000016811 _____ () C:\Users\Rick\AppData\Local\kritarc
2023-06-21 15:30 - 2023-06-21 15:30 - 000000218 _____ () C:\Users\Rick\AppData\Local\recently-used.xbel
2020-03-10 15:00 - 2020-03-10 15:00 - 000000017 _____ () C:\Users\Rick\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================