Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by Rick (administrator) on HAL (Acer Aspire TC-605) (08-05-2024 19:26:34)
Running from C:\Users\Rick\Desktop\FRST64.exe
Loaded Profiles: Rick
Platform: Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logi_crashpad_handler.exe <2>
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(explorer.exe ->) (Ashampoo GmbH & Co. KG -> Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Taskbar Customizer\ATBCustomizer.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) () [File not signed] C:\Program Files\Atomic Alarm Clock\timeserv.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(services.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.2.0\ABService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.24.3.2\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.24.3.2\nsWscSvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1792256 2023-06-23] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [UPSmart2000R] => C:\Program Files (x86)\UPSmart2000R\UPSmart2000R.exe [1721856 2011-06-21] () [File not signed]
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-25] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-25] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [5321728 2016-08-16] () [File not signed]
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [Avanquest Message] => C:\Users\Rick\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [603504 2021-07-05] (Avanquest Software SAS -> Avanquest Software)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1572200 2021-12-08] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-25] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [MicrosoftEdgeAutoLaunch_EF09251048DD056187DB9D41D3C2F7EB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [Ashampoo Taskbar Customizer] => C:\Program Files (x86)\Ashampoo\Ashampoo Taskbar Customizer\ATBCustomizer.exe [3351464 2019-09-26] (Ashampoo GmbH & Co. KG -> Ashampoo Development GmbH & Co. KG)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45380000 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\...\MountPoints2: {11745b8d-56ec-11ea-add2-40f02f1b2390} - "D:\HPLauncher.exe"
HKU\S-1-5-21-256949468-1460428694-2583359438-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\90.0.3.0\GoogleDriveFS.exe [60567840 2024-04-25] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS9500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDER.DLL [529408 2020-06-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: CNCALBL.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\WINDOWS\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS9100 series: CNMLMDN.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS9500 series: C:\WINDOWS\system32\CNMLMER.DLL [950272 2020-06-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-100 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMIGE.DLL [120320 2014-12-04] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\124.0.6367.119\Installer\chrmstp.exe [2024-05-03] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\124.1.65.126\Installer\chrmstp.exe [2024-05-02] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Luminar Neo.lnk [2023-10-21]
ShortcutTarget: Luminar Neo.lnk -> C:\Program Files\Skylum\Luminar Neo\Luminar Neo.exe (Skylum Software USA, Inc. -> Skylum)
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2020-10-10]
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (American Greetings, Inc. -> Webshots.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2020-08-18]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D3FD145-F67A-4D5B-866F-E78EF6D2321B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2023-11-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C3EF17CF-0130-44B7-9BBE-7D9F06AA618E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {BCFBCFB0-70B0-47B4-B4A1-D88C3F158B0F} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0DBB4385-3352-4D85-B24E-D654410E2ECB} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {175605D2-8C58-42A2-90CB-386F13AAF1C4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {E7224AAF-2B73-4117-B1EA-80CE13F5AB33} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {6F60D23C-42FE-44CD-89E3-C42E5E5AAB1F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "dcf4fcfc-891a-4d06-bd17-5af257bb5e05" --version "6.23.11010" --silent
Task: {68BF869C-4A66-4BB7-841B-35158114BECB} - System32\Tasks\CCleanerSkipUAC - Rick => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {51385BC8-6F76-4FA7-97E1-C480436221B2} - System32\Tasks\DuplicatePhotoCleaner => C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe [7131408 2022-12-07] (Webminds, Inc. -> Webminds, Inc.)
Task: {DC64B245-D027-418F-9B3A-CCC797766EB8} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6441.0{6FA1621E-9F25-44AE-8AD3-C31A3E355D08} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC)
Task: {EE80212A-CE47-44DD-873C-C9754401E075} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {54B2EFEB-1ADC-46A5-92C7-B64CACC3E4B9} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-256949468-1460428694-2583359438-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {D122626C-4277-4FED-A7C3-998B28F92973} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-04-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {104CA619-8E13-4B95-A19D-A490C700B115} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.24.3.2\symerr.exe [379024 2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {E561E097-05FC-4529-B6D1-B518457A41B3} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.24.3.2\symerr.exe [379024 2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {21145954-9ABB-4B18-80E6-841374652EF6} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.24.3.2\symerr.exe [379024 2024-04-05] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {0194DEC8-DAFC-4936-B3F9-46258074BC0F} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe /ui (No File)
Task: {2BDB19C3-EF96-4098-AE13-7AB70E153421} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe /analyze (No File)
Task: {A91EE356-DE0A-40DA-BE57-695FDCC4B667} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe /submit (No File)
Task: {2964EC9E-A7D8-4A17-A7BC-7E293C23C251} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.24.3.2\WSCStub.exe [646520 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {3500DB66-7249-492D-A607-16686E850D39} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2021-09-09] () [File not signed]
Task: {97AFCCB1-6A02-4653-8D99-EBBBCF0B639F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [469952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvContainer\-d "C:\Program Files (x86)\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {AF63EC5D-3FDC-4A94-A5A8-866371F7740C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1F493D6D-2C88-4103-81D8-7EEF1920350B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1A752B1B-56D1-4C68-B5C7-228133B40A75} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [976832 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {945FB4D6-6BF4-4E70-B59F-744473806AD9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {64537EEC-2771-4242-A7F5-88D30912B1EA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E6D6B4C-4A1A-406C-ACEB-E424D04B8716} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ED984D0E-F8E1-4B5E-9BCE-DE993B9AD3C9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {95928CAF-74AD-44E8-B6AA-39CA7AF65E64} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {B7464592-8E28-463C-A92A-6CB5CC7D7CCD} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe -> C:\Program Files\Norton Utilities Premium\-appexecutable nup.exe -tuds
Task: {6F8318DB-663F-47BC-85A8-B4201212E00A} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [24432 2015-09-18] (X-Rite Incorporated -> X-Rite Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7a6bdbe5-4a2d-41bb-9716-f163a14c067c}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7a6bdbe5-4a2d-41bb-9716-f163a14c067c}: [DhcpDomain] gateway
Tcpip\..\Interfaces\{bea8e2f7-34fe-471f-b613-68f988580f8e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{bea8e2f7-34fe-471f-b613-68f988580f8e}: [DhcpDomain] gateway

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-07]
Edge StartupUrls: Default -> "hxxps://www.google.com.au/"
Edge NewTab: Default -> "active": false, "entry": "chrome-extension://okplngpklcjmpdemleibnhidjihcobef/homePageRedirect.html"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2024-04-07]
Edge Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-30]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-14]
Edge Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikkagnliefbhcdgnnhfidhhbocdhkdeb [2024-03-26]
Edge Extension: (Edge relevant text changes) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26]
Edge Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2024-02-17]
Edge Extension: (Norton Home Page) - C:\Users\Rick\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okplngpklcjmpdemleibnhidjihcobef [2024-04-06]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: jqfpk2wu.default
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\jqfpk2wu.default [2023-06-14]
FF Homepage: Mozilla\Firefox\Profiles\jqfpk2wu.default -> hxxp://search.notepad.com
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release [2024-05-08]
FF Homepage: Mozilla\Firefox\Profiles\7c9zc584.default-release -> moz-extension://ca29783f-f692-4eef-bde9-edcc988830ba/homePage.html
FF HomepageOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: nortonsafesearch_ul_2@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: amazon@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: wikipedia@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: ebay@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: ddg@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: bing@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7c9zc584.default-release -> Enabled: google@search.mozilla.org
FF Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\idsafe@norton.com.xpi [2023-05-02]
FF Extension: (Norton Home Page) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\nortonhomepage@symantec.com.xpi [2023-05-02] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2023-01-03] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2023-01-24]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\7c9zc584.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-05-26]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.9.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2019-03-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-04-11] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2024-05-08]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.instagram.com
CHR HomePage: Default -> hxxps://wwwgoogle.com.au/webhp?cr=countryAU&tbs=ctr:countryAU&pli=1
CHR StartupUrls: Default -> "hxxps://www.google.com.au/webhp?hl=en&sa=X&ved=0ahUKEwjMxeOmhdz2AhUdx4sBHb2tBswQPAgI"
CHR NewTab: Default -> Not-active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html", Not-active:"chrome-extension://eoigllimhcllmhedfbmahegmoakcdakd/homePageRedirect.html"
CHR Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2024-04-18]
CHR Extension: (DuckDuckGo) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-03-14]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2020-02-07]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoigllimhcllmhedfbmahegmoakcdakd [2023-05-10]
CHR Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2024-04-06]
CHR Extension: (APK Downloader) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\glngapejbnmnicniccdcemghaoaopdji [2024-03-05]
CHR Extension: (Tomba - Email Finder & Email Extractor Plus) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjegjggphchjckknoooajmklibccjb [2024-04-30]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-04-11]
CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-21]
CHR Extension: (Norton Home Page) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2024-04-05]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2024-04-05]
CHR Extension: (Save Image As PNG) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkokmeaibnajheohncaamjggkanfbphi [2022-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-17]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-05-07]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\System Profile [2024-05-07]
CHR HKU\S-1-5-21-256949468-1460428694-2583359438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-256949468-1460428694-2583359438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKU\S-1-5-21-256949468-1460428694-2583359438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-256949468-1460428694-2583359438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-05-08]
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (Google Translate) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-03-23]
BRA Extension: (Tampermonkey) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-05-05]
BRA Profile: C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1 [2024-05-07]
BRA Extension: (Tampermonkey) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-01-15]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-15]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - 
C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-05-08] BRA Extension: (Brave Local Data Files Updater) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-05-08] BRA Extension: (Brave NTP background images) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-05] BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-05-08] BRA Extension: (Wallet Data Files Updater) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-22] BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-05-08] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-11-22] BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-08-16] BRA Extension: (Brave User Model Installer) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-03-20] BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-04-29] BRA Extension: (Brave NTP sponsored images) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\hlcinbnbfgoealjpgmoacabdkapmjjfj [2024-05-08] BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-05-08] BRA Extension: (Brave SpeedReader 
Updater) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-15] BRA Extension: (Brave Ads Resources) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\kklfafolbojbonkjgifmmkdmaaimminj [2024-03-01] BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-05-05] BRA Extension: (Brave Ads Resources) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2024-01-29] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Rick\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-29] StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2023-11-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed] R2 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.2.0\ABService.exe [1102328 2023-02-24] (AOMEI International Network Limited -> AOMEI International Network Limited) S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.) 
S3 BraveElevationService1da293feac00bfa; C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\124.1.65.126\elevation_service.exe [2680344 2024-05-01] (Brave Software, Inc. -> Brave Software, Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-02-08] (Brave Software, Inc. -> BraveSoftware Inc.) R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [144784 2018-04-18] (Canon Inc. -> CANON INC.) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (SEIKO EPSON Corporation -> Seiko Epson Corporation) R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2433528 2024-02-01] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) S2 GoogleUpdaterInternalService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC) S2 GoogleUpdaterService126.0.6441.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe [4789536 2024-04-26] (Google LLC -> Google LLC) S3 hasplms; C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe [5730312 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> ) R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-31] (Logitech -> Logitech, Inc.) 
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 NativePushService; C:\Users\Rick\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [595352 2023-08-22] (Wondershare Technology Group Co.,Ltd -> Wondershare) R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.24.3.2\NortonSecurity.exe [344888 2024-04-05] (NortonLifeLock Inc. -> NortonLifelock Inc.) R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.24.3.2\nsWscSvc.exe [1059176 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.) R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [18135808 2023-11-17] (Logitech Inc -> Logitech, Inc.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-31] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-31] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation) S3 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2015-09-18] (X-Rite Incorporated -> X-Rite Inc.) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aksdf; C:\WINDOWS\system32\drivers\aksdf.sys [389560 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.) R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [510800 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.) 
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2019-05-14] (CHENGDU AOMEI Tech Co., Ltd. -> ) R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [172928 2023-04-13] (AOMEI International Network Limited -> ) R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [32176 2023-04-13] (AOMEI International Network Limited -> ) S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.23.1.21\Definitions\BASHDefs\20240507.001\BHDrvx64.sys [1706496 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\ccSetx64.sys [198288 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527832 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2023-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R0 EUDCPOTG; C:\WINDOWS\System32\drivers\EUDCPOTG.sys [77904 2023-05-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R1 EUEDKOTG; C:\WINDOWS\system32\drivers\EUEDKOTG.sys [25200 2023-05-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) S3 EyeOneDisplay; C:\WINDOWS\System32\Drivers\i1display_x64.sys [15016 2013-06-21] (X-Rite Incorporated -> GretagMacbeth LLC) R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1970104 2020-05-29] (Gemalto, Inc. -> SafeNet, Inc.) 
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.23.1.21\Definitions\IPSDefs\20240507.064\IDSvia64.sys [1554432 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation) S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2021-02-23] (Logitech Inc -> Logitech) S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2021-02-23] (Logitech Inc -> Logitech) S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2021-02-23] (Logitech Inc -> Logitech) R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [72792 2021-12-01] (Insecure.Com LLC -> Insecure.Com LLC.) S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\nsvst.sys [57120 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.) R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\SRTSP64.SYS [960640 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\SRTSPX64.SYS [52864 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\SYMEFASI64.SYS [2180248 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\SymELAM.sys [36016 2024-04-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100344 2023-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.23.1.21\SymPlatform\SymEvnt.sys [934912 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\Ironx64.SYS [306872 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> 
Broadcom) R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\symnets.sys [492720 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [41400 2020-11-16] (McAfee, LLC. -> The OpenVPN Project) S2 Vcs; C:\WINDOWS\SysWOW64\Drivers\Vcs.sys [6852 2010-12-02] () [File not signed] S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-31] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-31] (Microsoft Windows -> Microsoft Corporation) R2 WinI2C-DDC; C:\WINDOWS\system32\drivers\DDCDrv.sys [20832 2018-08-13] (PC Micro Systems Inc. -> Nicomsoft Ltd.) R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618030.002\wpCtrlDrv.sys [1016792 2024-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.) S1 netfilter2; system32\drivers\netfilter2.sys [X] U4 npcap_wifi; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2024-05-08 19:26 - 2024-05-08 19:27 - 000049964 _____ C:\Users\Rick\Desktop\FRST.txt 2024-05-08 19:25 - 2024-05-08 19:26 - 000000000 ____D C:\FRST 2024-05-08 16:25 - 2024-05-08 16:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2024-05-08 15:56 - 2024-05-08 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2024-05-08 06:11 - 2024-05-08 06:11 - 002394112 _____ (Farbar) C:\Users\Rick\Desktop\FRST64.exe 2024-05-07 23:15 - 2024-05-07 23:15 - 000267312 _____ C:\WINDOWS\system32\lc.dat 2024-05-07 16:45 - 2024-05-07 16:45 - 000545545 _____ C:\Users\Rick\Documents\Publication1.pdf 2024-05-05 00:22 - 2024-05-08 15:56 - 000008192 ___SH C:\DumpStack.log.tmp 2024-05-02 16:18 - 2024-05-02 16:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2024-05-01 04:36 - 2024-05-01 04:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem 2024-04-30 03:52 - 2024-04-30 03:52 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-256949468-1460428694-2583359438-1001 2024-04-30 03:52 - 2024-04-30 03:52 - 000002379 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-04-25 18:44 - 2024-04-30 04:05 - 000000000 ____D C:\Users\Rick\Desktop\1 2024-04-24 01:11 - 2024-04-24 01:11 - 000000000 ____D C:\Voiceover 2024-04-24 01:05 - 2024-04-24 22:42 - 000000000 ____D C:\ProgramData\Wondershare Filmora 2024-04-22 04:21 - 2024-04-22 04:29 - 000000000 ____D C:\Users\Rick\AppData\Local\Vistaprint.au Photo Books 2024-04-22 04:21 - 2024-04-22 04:21 - 000000000 ____D C:\Users\Rick\AppData\Local\apc.exe.WebView2 2024-04-20 15:56 - 2024-04-20 15:56 - 000000000 ____D C:\Program Files (x86)\Flip PDF 2024-04-18 22:19 - 2024-04-19 19:43 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job 2024-04-18 22:19 - 2024-04-18 22:19 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2024-04-18 22:19 - 2024-04-18 22:19 - 000003380 _____ 
C:\WINDOWS\system32\Tasks\CCleanerCrashReporting 2024-04-17 01:14 - 2024-05-03 01:14 - 000000000 ____D C:\Users\Rick\AppData\Roaming\CompuClever 2024-04-13 17:23 - 2024-04-13 17:28 - 000000010 _____ C:\WINDOWS\Wininit.ini 2024-04-13 17:23 - 2024-04-13 17:23 - 000000024 _____ C:\WINDOWS\Au1tgr.ns 2024-04-13 17:23 - 2024-04-13 17:23 - 000000000 ____D C:\WINDOWS\Noslip 2024-04-13 03:55 - 2024-05-08 16:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360 2024-04-13 03:55 - 2024-04-13 04:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2024-04-13 03:55 - 2024-04-13 03:55 - 000003374 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration 2024-04-10 13:56 - 2024-04-10 13:56 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2024-04-10 13:56 - 2024-04-10 13:56 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2024-04-10 13:47 - 2024-04-10 13:47 - 000000000 ___HD C:\$WinREAgent ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2024-05-08 19:26 - 2023-01-20 20:03 - 000000000 ____D C:\Program Files\CCleaner 2024-05-08 19:25 - 2020-02-18 13:55 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Publisher Building Blocks 2024-05-08 19:18 - 2023-07-29 23:29 - 000000000 ____D C:\Users\Rick\AppData\Local\Norton 2024-05-08 19:17 - 2020-02-18 13:54 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Publisher 2024-05-08 19:07 - 2021-12-17 22:55 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-05-08 18:51 - 2023-02-04 14:13 - 000000000 ____D C:\Users\Rick\AppData\Local\LogiOptionsPlus 2024-05-08 18:40 - 2020-10-10 05:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-05-08 16:04 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-05-08 16:04 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-05-08 16:03 - 2020-10-10 05:30 - 000005772 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-05-08 16:03 - 2020-10-10 05:27 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3711FA49-9F56-4A78-9607-6108E536D6A6} 2024-05-08 16:02 - 2020-01-31 12:37 - 000000000 ____D C:\ProgramData\NVIDIA 2024-05-08 15:56 - 2023-04-13 22:55 - 000000432 _____ C:\WINDOWS\SysWOW64\winsevr.dat 2024-05-08 15:56 - 2020-10-10 05:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-05-08 15:56 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-05-08 06:56 - 2019-12-07 19:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2024-05-08 06:32 - 2020-02-08 18:09 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Excel 2024-05-08 06:32 - 2020-02-06 11:54 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Word 2024-05-07 15:36 - 2020-01-31 12:34 - 000000000 ____D C:\Users\Rick\AppData\Local\Packages 2024-05-07 15:34 - 2020-01-31 14:57 - 000000000 ____D C:\Users\Rick\Documents\CCleaner 2024-05-07 15:32 - 2023-10-14 06:52 - 000000000 ____D C:\ProgramData\Malwarebytes 2024-05-07 15:32 - 2019-12-07 19:14 - 000000000 ___HD 
C:\WINDOWS\ELAMBKUP 2024-05-07 15:32 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF 2024-05-07 15:27 - 2020-10-10 05:27 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-05-07 15:27 - 2020-10-10 05:27 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-05-07 15:24 - 2019-12-07 19:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2024-05-07 15:22 - 2021-06-12 19:32 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\IGDump 2024-05-06 22:28 - 2021-11-18 12:59 - 000000000 ____D C:\Program Files\Remo ONE 2024-05-06 22:27 - 2021-11-18 11:26 - 000000000 ____D C:\Program Files (x86)\Remo Repair Word 2.0 2024-05-06 17:48 - 2020-02-06 16:33 - 000000000 ____D C:\Users\Rick\AppData\Local\D3DSCache 2024-05-05 23:45 - 2020-02-06 09:35 - 000000000 ____D C:\Users\Rick\AppData\Roaming\vlc 2024-05-05 22:51 - 2020-02-18 17:37 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\PowerPoint 2024-05-05 21:38 - 2023-04-19 07:22 - 000000000 ____D C:\Users\Rick\AppData\Roaming\flashpoint-launcher 2024-05-05 21:04 - 2023-10-31 05:36 - 000000000 ____D C:\Flashpoint 2024-05-05 19:16 - 2021-03-05 15:49 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Norton 2024-05-05 19:14 - 2022-03-08 23:08 - 000000000 ____D C:\WINDOWS\Minidump 2024-05-05 17:12 - 2020-02-06 11:54 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Office 2024-05-05 14:58 - 2020-03-16 23:14 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-05-05 14:41 - 2020-04-05 13:59 - 000000000 __SHD C:\Users\Rick\IntelGraphicsProfiles 2024-05-05 05:54 - 2023-09-05 14:32 - 000002800 _____ C:\Users\Rick\Desktop\Daily.lnk 2024-05-05 01:11 - 2024-03-08 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader 2024-05-05 00:11 - 2020-10-09 22:37 - 000000000 ____D C:\Users\Rick 2024-05-04 16:18 - 2021-01-16 15:37 - 000000000 ____D C:\ProgramData\CanonIJPLM 2024-05-03 23:44 - 
2024-03-08 02:25 - 000000342 _____ C:\WINDOWS\system32\log 2024-05-03 15:05 - 2020-02-06 09:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-05-03 02:38 - 2020-02-06 09:28 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-05-02 22:51 - 2023-05-02 19:22 - 000000000 ____D C:\Program Files\Mozilla Firefox 2024-05-02 22:51 - 2022-02-19 15:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2024-05-02 22:51 - 2020-02-06 09:30 - 000000974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-05-02 15:08 - 2020-02-08 15:24 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk 2024-05-01 04:36 - 2020-02-06 09:28 - 000000000 ____D C:\Program Files (x86)\Google 2024-04-30 03:52 - 2021-12-13 16:41 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-256949468-1460428694-2583359438-1001 2024-04-29 19:30 - 2020-01-31 13:11 - 000000000 ____D C:\Users\Rick\AppData\Local\CrashDumps 2024-04-26 05:56 - 2021-03-31 19:38 - 000000000 ____D C:\ProgramData\NCH Software 2024-04-26 05:56 - 2020-10-08 14:37 - 000000000 ____D C:\Users\Rick\AppData\Roaming\NCH Software 2024-04-26 05:54 - 2020-10-10 05:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software 2024-04-25 18:45 - 2020-04-11 15:27 - 000000000 ____D C:\Program Files\Recuva 2024-04-25 07:10 - 2021-05-01 03:06 - 000000000 ____D C:\Program Files (x86)\Ashampoo 2024-04-25 07:10 - 2021-01-22 03:41 - 000000000 ____D C:\ProgramData\Ashampoo 2024-04-25 07:10 - 2020-03-28 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2024-04-25 05:37 - 2021-09-22 03:01 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2024-04-25 05:37 - 2021-09-22 03:01 - 000001979 _____ C:\Users\Default\Desktop\Google Slides.lnk 2024-04-25 05:37 - 2021-09-22 03:01 - 000001979 _____ C:\Users\Default\Desktop\Google Sheets.lnk 2024-04-25 05:37 - 
2021-09-22 03:01 - 000001967 _____ C:\Users\Default\Desktop\Google Docs.lnk 2024-04-24 22:42 - 2021-02-05 21:03 - 000000000 ____D C:\Users\Rick\AppData\Local\Wondershare 2024-04-24 22:19 - 2021-02-05 21:01 - 000000000 ____D C:\Users\Public\Documents\Wondershare 2024-04-24 01:11 - 2021-02-05 21:08 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Wondershare 2024-04-24 01:09 - 2021-02-05 21:03 - 000000000 ____D C:\ProgramData\Wondershare 2024-04-22 04:42 - 2024-01-04 19:41 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pixum Photo World 2024-04-22 04:42 - 2024-01-04 19:31 - 000000000 ____D C:\Program Files\Pixum 2024-04-22 00:49 - 2020-02-29 18:32 - 000000000 ____D C:\Users\Rick\AppData\Roaming\dvdcss 2024-04-21 07:16 - 2020-06-30 14:58 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Temp 2024-04-21 06:30 - 2024-01-04 14:55 - 000000000 ____D C:\Users\Rick\Documents\Photobook Designer Projects 2024-04-20 15:56 - 2021-08-09 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flip PDF 2024-04-20 07:09 - 2022-03-07 15:44 - 000000000 ____D C:\Users\Rick\AppData\Roaming\FlipPDFPlusPro 2024-04-18 17:57 - 2021-12-02 12:41 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Ability5 2024-04-16 19:15 - 2020-03-04 17:49 - 000001456 _____ C:\Users\Rick\AppData\Local\Adobe Save for Web 13.0 Prefs 2024-04-13 17:27 - 2020-02-06 09:26 - 000000000 ____D C:\Program Files (x86)\Adobe 2024-04-13 05:35 - 2020-02-07 20:58 - 000000000 ____D C:\Program Files\Common Files\AV 2024-04-13 03:55 - 2023-03-23 22:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64 2024-04-11 04:41 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\appcompat 2024-04-11 01:41 - 2020-01-31 13:19 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-04-11 01:37 - 2020-01-31 13:19 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-04-11 01:00 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-04-11 00:54 - 2023-12-14 
05:42 - 000000000 ____D C:\WINDOWS\InboxApps 2024-04-11 00:54 - 2023-08-02 13:44 - 005211848 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-04-11 00:54 - 2020-10-09 22:24 - 000000000 ____D C:\WINDOWS\en-GB 2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\DDFs 2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\Provisioning 2024-04-11 00:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-04-10 17:58 - 2020-01-31 12:50 - 000000000 ____D C:\ProgramData\Packages 2024-04-10 17:58 - 2020-01-31 12:34 - 000000000 ____D C:\Users\Rick\AppData\Local\Publishers 2024-04-10 13:59 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-04-10 13:56 - 2020-10-10 05:23 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-04-09 01:02 - 2020-10-10 05:27 - 000003784 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA 2024-04-09 01:02 - 2020-10-10 05:27 - 000003660 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore ==================== Files in the root of some directories ======== 2020-10-28 14:15 - 2022-08-10 23:12 - 000000132 _____ () C:\Users\Rick\AppData\Roaming\Adobe AIFF Format CS6 Prefs 2020-12-07 17:51 - 2024-02-16 18:04 - 000000132 _____ () C:\Users\Rick\AppData\Roaming\Adobe BMP Format CS6 Prefs 2021-02-21 15:16 - 2021-02-21 15:16 - 000000132 _____ () C:\Users\Rick\AppData\Roaming\Adobe GIF Format CS6 Prefs 2020-03-12 16:23 - 2023-09-02 23:37 - 000000132 _____ () C:\Users\Rick\AppData\Roaming\Adobe PNG Format CS6 Prefs 2023-08-14 21:46 - 2023-08-14 21:46 - 
000000025 _____ () C:\Users\Rick\AppData\Roaming\alsoft.ini 2020-10-06 15:28 - 2020-10-06 15:28 - 000000673 _____ () C:\Users\Rick\AppData\Roaming\Contact Sheet II.xml 2020-10-06 15:28 - 2020-10-06 15:29 - 000007452 _____ () C:\Users\Rick\AppData\Roaming\ContactSheetII.log 2020-04-20 11:35 - 2024-02-13 21:38 - 000004970 _____ () C:\Users\Rick\AppData\Roaming\event.log 2022-10-10 14:45 - 2022-10-10 14:45 - 000000112 _____ () C:\Users\Rick\AppData\Roaming\mxPaint.br 2022-10-10 14:45 - 2022-10-10 14:45 - 000000112 _____ () C:\Users\Rick\AppData\Roaming\mxPaint.col 2022-10-10 14:45 - 2022-10-10 14:45 - 000000112 _____ () C:\Users\Rick\AppData\Roaming\mxPaint.gr 2024-01-06 05:47 - 2024-01-06 05:47 - 000003072 _____ () C:\Users\Rick\AppData\Roaming\Photobook Designer Prefsv3 2024-01-06 05:37 - 2024-01-06 05:37 - 000003072 _____ () C:\Users\Rick\AppData\Roaming\PhotobookShop.com.au Prefsv2021 2020-03-04 17:49 - 2024-04-16 19:15 - 000001456 _____ () C:\Users\Rick\AppData\Local\Adobe Save for Web 13.0 Prefs 2023-10-27 14:28 - 2024-04-06 18:11 - 000008192 _____ () C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2022-04-08 23:25 - 2022-04-08 23:26 - 000005072 _____ () C:\Users\Rick\AppData\Local\krita-sysinfo.log 2022-04-08 23:25 - 2022-04-08 23:27 - 000000834 _____ () C:\Users\Rick\AppData\Local\krita.log 2022-04-08 23:27 - 2022-04-08 23:27 - 000000039 _____ () C:\Users\Rick\AppData\Local\kritadisplayrc 2022-04-08 23:25 - 2022-04-08 23:27 - 000016811 _____ () C:\Users\Rick\AppData\Local\kritarc 2023-06-21 15:30 - 2023-06-21 15:30 - 000000218 _____ () C:\Users\Rick\AppData\Local\recently-used.xbel 2020-03-10 15:00 - 2020-03-10 15:00 - 000000017 _____ () C:\Users\Rick\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================