
Email Hijacked - Please Help



#1
need2no


Earlier today I received an email bribing me to send bitcoin to give me control of my email.

 

  • Ransom email I received shows it was sent from my email address.
  • The email the ransom note was sent to can no longer receive email.
  • Shortly afterward retailers contacted me wanting to verify fraudulent attempted purchases.
  • I then attempted to change my email password. My provider could not find my login ID. Problem escalated for further technical assistance. Still awaiting reply.
  • When I use Firefox, no matter what address I navigate to, it takes me to links for porn sites.
  • Ran Malwarebytes and SUPERAntiSpyware. Browsing problem seems to be rectified.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2022
Ran by Joe (administrator) on JOE (Dell Inc. OptiPlex 9020) (04-02-2022 14:19:50)
Running from C:\Users\jotot_000\Desktop
Loaded Profiles: Joe
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1466 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(FUJIFILM Corporation.) [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.Application.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Memeo Inc. -> Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Memeo Inc. -> Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\creator\common\creator-ws.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\updater-ws.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\ws.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Starfield Technologies, LLC -> Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] (GoPro, Inc. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2021-08-18] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2021-08-18] (Corel Corporation -> WinZip Computing, S.L.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3800328 2018-04-27] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [137088 2012-10-11] (Memeo Inc. -> Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] (Memeo Inc. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-05-10] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5819104 2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2656112 2021-04-16] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10985776 2022-01-14] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Starfield Updater] => C:\Users\jotot_000\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [wben] => C:\Users\jotot_000\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC -> Starfield Technologies, LLC)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Workspace Status] => C:\Users\jotot_000\AppData\Local\Workspace\workspacestatus.exe [694760 2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [190280 2022-01-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5407968 2021-12-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5407968 2021-12-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON WF-3520 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJJE.DLL [120320 2015-01-19] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2022-01-02]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Newsflash.lnk [2015-11-23]
ShortcutTarget: Newsflash.lnk -> C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe (Avanquest USA LLC) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2022-01-02]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2022-01-02]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2022\QBW.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Set FUJIFILM PC AutoSave to stby.lnk [2016-08-09]
ShortcutTarget: Set FUJIFILM PC AutoSave to stby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-01-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {029DEE92-B63C-4671-83D6-DB6402D7F115} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {02FA788B-9419-4A21-9BF4-2F1529352D9F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {03916563-C51C-42ED-B818-F3C47472B7ED} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2021-08-18] (Corel Corporation -> Corel Corporation)
Task: {07A5D3DA-E275-4712-B056-3BFED65BCB35} - System32\Tasks\EPSON DS-410 Update => C:\Program Files (x86)\epson\Epson Scan 2\Update\e_dtsksd.exe [690176 2019-03-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {2D86FBC9-D223-4327-85DC-C8FBC1211656} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {384DCD62-6B91-4154-8224-E83F82D8229D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DA29701-9247-41F8-ACD2-36C79E03467D} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382672 2021-10-11] (Intuit, Inc. -> Intuit Inc.)
Task: {4EE71C2E-7673-4980-BF7B-6A0B39D7082F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {5A6AC5E4-E5D9-40A1-ABC6-727EBC4FD572} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2021-08-18] (Corel Corporation -> Corel Corporation)
Task: {5EAA5518-E575-403C-86B1-76A1E7087233} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6166BE6D-B100-4CFB-98CB-AE5A8772EA84} - System32\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001 => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {616F008C-5800-435B-BBAE-CC8BA00CF787} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {61934EE2-DD00-4CE7-897A-798AF5BE8C9C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {64995C7B-7DA0-41EB-BC6C-0CBD7661882E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {807F871D-3030-47F7-BA2F-ED29B8D50CAE} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2021-08-18] (Corel Corporation -> Corel Corporation)
Task: {816791A3-4811-4BF3-AC62-290C308EFD86} - System32\Tasks\Outlook Express => C:\Program Files (x86)\Outlook Express\tray.exe (No File)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8D2F9DBA-D87C-4490-90FD-F2E1ED1FAAC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E813C2C-EF13-4F4C-9D89-4028532547BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {9C84C4B1-BDB5-40D6-B95D-8E80FB9951D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1172360 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABE7D929-CDE7-48A7-B776-2CDA78969139} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {AF4FE8A2-6250-44C1-A10E-04CC2DD2D6D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001 => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {BB29DA99-C28F-4CAC-A881-E36A667CCC4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {E22AA4E3-A809-46A3-B710-A4ED4C2D1FDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E41BD27C-44DA-43D7-A382-4093320DC34B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {EB482E52-87E2-40EF-80E1-B7AEE77F2F6D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {F0A12BC8-E204-4512-8F65-04342B30DB13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {F2E1C605-75DF-48D6-BA70-E7A502168DCD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FD62E65E-85DB-4328-B644-BC57869740C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON DS-410 Update.job => C:\Program Files (x86)\epson\Epson Scan 2\Update\e_dtsksd.exe/EXE_S:EPSON DS-410,ES0159.DAT /F:UpdateJOE\JoeĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{469b0b08-473a-41ff-a6da-1e3bc03494a9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{93c88401-f7b1-4dd7-8a17-fa3bcc99a41e}: [DhcpNameServer] 172.20.10.1
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\jotot_000\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-24]
Edge Extension: (McAfee® WebAdvisor) - C:\Users\jotot_000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2022-01-24]
 
FireFox:
========
FF DefaultProfile: 9ddwzvzd.default-1598568816359
FF ProfilePath: C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release [2022-02-04]
FF Notifications: Mozilla\Firefox\Profiles\tnu8utwl.default-release -> hxxps://www.smithsonianmag.com; hxxps://www.propertyshark.com; hxxps://mail.google.com
FF Extension: (WBE Paste) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2016-01-27] [Legacy] [not signed]
FF Extension: (True Key™ by McAfee) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\@true-key.xpi [2021-11-19] [UpdateUrl:hxxps://downloads.truekey.com/firefox/update.json]
FF Extension: (Honey) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\[email protected] [2021-06-26]
FF Extension: (McAfee® WebAdvisor) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2022-01-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-26]
FF ProfilePath: C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\9ddwzvzd.default-1598568816359 [2022-02-04]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-05-10] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\GlanceGuest\npglance.dll [2018-01-24] (Glance Networks Inc -> Glance Networks, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-05-10] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @citrixonline.com/appdetectorplugin -> C:\Users\jotot_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-15] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/off -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npoff.dll [2016-01-27] (Starfield Technologies, LLC ->  Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/off64 -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2016-01-27] (Starfield Technologies, LLC ->  Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/wbe -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/wbe64 -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npoff.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npoff64.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npwbe.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npwbe64.dll [2016-01-27]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default [2022-02-04]
CHR Notifications: Default -> hxxps://pdfconverterhub.com; hxxps://www.facebook.com; hxxps://zmusic-online.com
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-31]
CHR Extension: (Docs) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-31]
CHR Extension: (Google Drive) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-17]
CHR Extension: (DuckDuckGo) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-01-30]
CHR Extension: (YouTube) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Salesforce Inbox) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkgdfnjmgamkcpjdljdncfjcegpgcdg [2021-02-21]
CHR Extension: (Google Search) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (Yahoo Partner) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2020-08-27]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-04]
CHR Extension: (McAfee® Secure Search) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\enppghjcblldgigemljohkgpcompnjgh [2021-05-21]
CHR Extension: (Sheets) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-19]
CHR Extension: (Glance Networks) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gniobnbbehpgbcamkdplghfimhocklgb [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-17]
CHR HKLM\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] (Advanced Micro Devices, Inc. -> )
R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-05-10] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2020-05-19] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) [File not signed]
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies, LLC -> Starfield Technologies)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] (GoPro, Inc. -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-11] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2440568 2019-01-18] (PDFescape -> Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator\common\creator-ws.exe [715640 2019-01-18] (PDFescape -> Red Software)
R2 PDFescape Desktop Update Service; C:\Program Files\PDFescape Desktop\updater-ws.exe [697208 2019-01-18] (PDFescape -> Red Software)
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2021-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBWCMonitor; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe [40784 2021-04-08] (Intuit, Inc. -> )
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14752 2012-10-15] (Memeo Inc. -> Memeo)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-01-25] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-02-03 11:53 - 2022-02-03 11:55 - 000000000 ___HD C:\adobeTemp
2022-01-28 19:27 - 2022-01-28 19:27 - 000000000 ____D C:\WINDOWS\system32\p ö
2022-01-28 19:27 - 2022-01-28 19:27 - 000000000 ____D C:\WINDOWS\system32\À ö
2022-01-25 20:31 - 2022-01-25 20:31 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-01-25 20:31 - 2022-01-25 20:31 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-01-25 20:31 - 2022-01-25 20:31 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-01-25 20:31 - 2022-01-25 20:31 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-01-21 10:45 - 2022-01-28 11:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-01-19 16:19 - 2022-01-19 16:19 - 000279408 _____ C:\Users\jotot_000\Desktop\DMAS POLICY Tow Truck UD 22.23.pdf
2022-01-19 16:19 - 2022-01-19 16:19 - 000182637 _____ C:\Users\jotot_000\Desktop\DMAS INV Tow Truck UD 22.23.pdf
2022-01-19 09:25 - 2022-01-19 10:04 - 000410575 _____ C:\Users\jotot_000\Desktop\Guatelinda Acord 140 2022.pdf
2022-01-19 09:25 - 2022-01-19 09:48 - 000493796 _____ C:\Users\jotot_000\Desktop\Guatelinda Acord 126 2022.pdf
2022-01-19 09:25 - 2022-01-19 09:44 - 000623439 _____ C:\Users\jotot_000\Desktop\Guatelinda Acord 125 2022.pdf
2022-01-14 14:06 - 2022-01-14 14:06 - 003622480 _____ (Resplendence Software Projects Sp. ) C:\Users\jotot_000\Downloads\LatencyMon(1).exe
2022-01-14 13:48 - 2022-01-14 13:48 - 000095466 _____ C:\Users\jotot_000\Desktop\Guatelinda Acord 127 Add Lot 234 W Main.pdf
2022-01-14 13:39 - 2022-01-14 13:39 - 000092822 _____ C:\Users\jotot_000\Documents\Recipt for Fire Supression '.pdf
2022-01-12 22:51 - 2022-01-14 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2022-01-12 22:51 - 2022-01-14 14:07 - 000000000 ____D C:\Program Files\LatencyMon
2022-01-12 22:51 - 2022-01-12 22:51 - 003622480 _____ (Resplendence Software Projects Sp. ) C:\Users\jotot_000\Downloads\LatencyMon.exe
2022-01-12 22:51 - 2021-03-09 15:07 - 000027744 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2022-01-12 22:45 - 2022-01-12 22:48 - 000399826 _____ C:\Users\jotot_000\Desktop\JOE.txt
2022-01-12 22:43 - 2022-01-12 22:43 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-01-12 22:43 - 2022-01-12 22:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2022-01-12 22:43 - 2022-01-12 22:43 - 000000000 ____D C:\Program Files\Speccy
2022-01-12 22:41 - 2022-01-12 22:41 - 000003606 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2022-01-12 22:41 - 2022-01-12 22:41 - 000003604 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2022-01-12 22:41 - 2022-01-12 22:41 - 000003604 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2022-01-12 22:41 - 2022-01-12 22:41 - 000000000 ____D C:\Users\jotot_000\AppData\Local\WinZip
2022-01-12 22:40 - 2022-01-12 22:41 - 000001914 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Image Manager.lnk
2022-01-12 22:40 - 2022-01-12 22:41 - 000001910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip PDF Express.lnk
2022-01-12 22:40 - 2022-01-12 22:41 - 000001898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Secure Backup.lnk
2022-01-12 22:40 - 2022-01-12 22:40 - 008234296 _____ (Piriform Software Ltd) C:\Users\jotot_000\Downloads\spsetup132(1).exe
2022-01-12 22:40 - 2022-01-12 22:40 - 000002087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-01-12 22:40 - 2022-01-12 22:40 - 000000000 ____D C:\ProgramData\WinZip
2022-01-12 22:40 - 2022-01-12 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-01-12 22:40 - 2022-01-12 22:40 - 000000000 ____D C:\Program Files\WinZip
2022-01-12 22:38 - 2022-01-12 22:38 - 008234296 _____ (Piriform Software Ltd) C:\Users\jotot_000\Downloads\spsetup132.exe
2022-01-12 22:37 - 2022-01-12 22:37 - 000000000 ____D C:\ProgramData\UniqueId
2022-01-12 22:36 - 2022-01-12 22:36 - 001016656 _____ (WinZip Computing) C:\Users\jotot_000\Downloads\winzip26-p014.exe
2022-01-12 22:33 - 2022-01-12 22:33 - 000023063 _____ C:\Users\jotot_000\Desktop\Registry.txt
2022-01-12 22:24 - 2022-01-12 22:24 - 002839416 _____ (Sysinternals - www.sysinternals.com) C:\Users\jotot_000\Downloads\procexp.exe
2022-01-12 22:13 - 2022-01-12 22:13 - 008369755 _____ (UserBenchmark.com) C:\Users\jotot_000\Downloads\UserBenchMark.exe
2022-01-11 17:23 - 2022-01-11 17:23 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-11 17:23 - 2022-01-11 17:23 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-11 17:23 - 2022-01-11 17:23 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-11 16:55 - 2022-01-11 16:58 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-02-04 14:25 - 2021-11-29 23:18 - 000041431 _____ C:\Users\jotot_000\Desktop\FRST.txt
2022-02-04 14:24 - 2021-11-17 11:42 - 000000000 ____D C:\FRST
2022-02-04 14:24 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-04 14:19 - 2021-11-29 23:17 - 000000000 ____D C:\Users\jotot_000\Desktop\FRST-OlderVersion
2022-02-04 14:19 - 2021-11-29 23:16 - 002311680 _____ (Farbar) C:\Users\jotot_000\Desktop\FRST64.exe
2022-02-04 14:18 - 2021-11-01 12:58 - 000000000 ____D C:\Users\jotot_000\Documents\Outlook Files
2022-02-04 13:51 - 2016-02-02 10:58 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-04 13:46 - 2020-09-05 02:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-04 11:51 - 2018-02-01 14:51 - 000000000 ____D C:\Users\jotot_000\AppData\Local\Packages
2022-02-04 11:36 - 2016-11-15 16:34 - 000000000 ____D C:\Users\jotot_000\AppData\LocalLow\Mozilla
2022-02-04 09:50 - 2017-03-29 16:59 - 000000000 ____D C:\Users\jotot_000\Desktop\Joe
2022-02-04 09:37 - 2019-02-12 20:20 - 000000000 ____D C:\ProgramData\Mozilla
2022-02-04 09:14 - 2019-02-01 11:16 - 000000000 ____D C:\Users\jotot_000\AppData\Local\A11E13BE-94F8-4773-855B-43D51C40C866.aplzod
2022-02-04 09:02 - 2020-04-07 14:41 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-02-04 08:43 - 2020-04-07 14:56 - 000000000 ___RD C:\Users\jotot_000\Creative Cloud Files
2022-02-04 08:40 - 2017-06-09 23:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-02-03 12:36 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-03 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-01 13:09 - 2015-10-15 23:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-01-30 09:51 - 2020-12-18 17:01 - 000000000 ____D C:\Users\jotot_000\AppData\Local\CrashDumps
2022-01-28 21:28 - 2020-06-23 18:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-28 11:18 - 2021-10-11 11:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-01-28 11:18 - 2020-08-27 18:24 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-28 11:18 - 2015-10-14 21:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-28 11:00 - 2015-10-16 10:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-01-27 23:17 - 2020-09-05 02:31 - 000000000 ____D C:\Users\jotot_000
2022-01-27 23:15 - 2015-10-16 10:42 - 000000000 ____D C:\Program Files\Adobe
2022-01-27 23:06 - 2020-09-05 03:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-27 23:06 - 2020-09-05 02:28 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-27 11:31 - 2021-12-13 08:27 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1867227179-3748921823-2400054393-1001
2022-01-27 11:31 - 2021-04-29 09:43 - 000002428 _____ C:\Users\jotot_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-27 11:31 - 2020-09-05 03:01 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1867227179-3748921823-2400054393-1001
2022-01-25 20:31 - 2021-07-08 10:26 - 000000000 ____D C:\Users\jotot_000\AppData\LocalLow\IGDump
2022-01-25 20:31 - 2020-12-10 10:25 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-25 20:30 - 2018-01-11 22:58 - 000000000 ____D C:\Program Files\Malwarebytes
2022-01-25 20:30 - 2015-10-15 14:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-25 18:21 - 2020-09-05 03:01 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-25 18:21 - 2020-09-05 03:01 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-25 01:03 - 2016-02-02 10:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-20 23:56 - 2020-09-05 03:01 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-20 23:56 - 2020-09-05 03:01 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-20 13:22 - 2020-07-27 10:52 - 000014812 _____ C:\Users\jotot_000\Desktop\Comission.xlsx
2022-01-18 01:03 - 2015-10-15 14:14 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2022-01-18 01:02 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-01-18 01:02 - 2017-06-09 23:07 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2022-01-16 03:22 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-14 14:25 - 2015-10-15 11:48 - 000000000 ____D C:\Users\jotot_000\AppData\Local\Adobe
2022-01-12 22:44 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-11 17:51 - 2020-09-05 03:01 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-11 17:50 - 2015-12-20 12:12 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-11 17:47 - 2020-09-05 05:59 - 000795864 _____ C:\WINDOWS\system32\perfh00C.dat
2022-01-11 17:47 - 2020-09-05 05:59 - 000151260 _____ C:\WINDOWS\system32\perfc00C.dat
2022-01-11 17:47 - 2020-09-05 02:50 - 001786510 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-11 17:40 - 2020-09-05 02:29 - 000514744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-11 17:36 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-11 16:52 - 2015-10-15 11:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-11 16:47 - 2015-10-15 11:07 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-11 13:05 - 2020-04-07 15:52 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2022-01-11 13:05 - 2020-04-07 15:52 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-01-06 13:08 - 2015-10-15 15:14 - 000000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2022-01-06 13:03 - 2018-11-01 13:57 - 000000000 ____D C:\Users\jotot_000\AppData\Roaming\QuickBooks
2022-01-05 13:31 - 2021-04-27 09:01 - 000000000 ____D C:\Users\jotot_000\Desktop\Joe 4 Insure BOR
 
==================== Files in the root of some directories ========
 
2021-08-19 09:06 - 2021-08-19 09:06 - 000503808 _____ (Intuit Inc.) C:\Program Files\Common Files\GraphSeriesCol.dll
2017-03-06 15:14 - 2017-03-06 15:14 - 000001456 _____ () C:\Users\jotot_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-04-07 14:58 - 2020-04-07 14:58 - 000000000 _____ () C:\Users\jotot_000\AppData\Local\oobelibMkey.log
2021-11-17 10:29 - 2021-11-17 10:29 - 000000052 _____ () C:\Users\jotot_000\AppData\Local\xx.ini
2017-01-03 15:25 - 2016-07-14 04:09 - 000010240 _____ () C:\Users\jotot_000\AppData\Local\Z@!-50796960-5d90-4787-ab9e-84ae443b2d9f.tmp
2017-01-03 15:25 - 2016-07-14 04:09 - 000009216 _____ () C:\Users\jotot_000\AppData\Local\Z@S!-335b5983-63e4-49a4-bc2d-4f07790fd948.tmp
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by Joe (04-02-2022 14:26:58)
Running from C:\Users\jotot_000\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1466 (X64) (2020-09-05 08:02:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1867227179-3748921823-2400054393-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867227179-3748921823-2400054393-503 - Limited - Disabled)
Guest (S-1-5-21-1867227179-3748921823-2400054393-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1867227179-3748921823-2400054393-1005 - Limited - Enabled)
Joe (S-1-5-21-1867227179-3748921823-2400054393-1001 - Administrator - Enabled) => C:\Users\jotot_000
WDAGUtilityAccount (S-1-5-21-1867227179-3748921823-2400054393-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.5.550 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.09 - Avanquest Software)
BitRecover TIFF Converter Wizard (HKLM-x32\...\BitRecover TIFF Converter Wizard_is1) (Version:  - BitRecover)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Document Capture Pro (HKLM-x32\...\{BFCA1EA6-1EE8-454D-BAA2-5155948C40A0}) (Version: 3.1.1.0 - Seiko Epson Corporation)
Epson DS-410 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson DS-410 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
Epson Event Manager (HKLM-x32\...\{3EB0F026-9811-4129-973E-215745F5F2C8}) (Version: 3.11.70 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Scan OCR Component Pro (HKLM-x32\...\{7C3DDC52-B63F-463D-B41E-9D619EF93823}) (Version: 1.0.7 - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
GlanceGuest version 4.2.0.38 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.2.0.38 - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6448.1 - Waves Audio Ltd.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7955 - Memeo Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14827.20158 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0527a644a4ddd31d) (Version: 17.0.7440.13 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 96.0.3 (x64 en-US)) (Version: 96.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0 - Mozilla)
Mozilla Thunderbird (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 91.2.1 (x86 en-US)) (Version: 91.2.1 - Mozilla)
MyLabel Designer Deluxe (HKLM-x32\...\{856CD2A4-9BCE-4ED2-B7F5-A96C960081C1}) (Version: 9.0.0.0 - Avanquest Publishing USA, Inc.)
Newsflash (HKLM-x32\...\{1A722192-4AEA-4911-9F71-EBECEDC970B5}) (Version: 1.0.0.7 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outlook Express 6 (HKLM-x32\...\Outlook Express 6) (Version:  - )
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 3.0.26.634 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{9C203993-F3BE-4BFC-A254-CB216829D42A}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{824918B9-04A8-443B-B512-081E759C4A55}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{5797860C-821C-48FA-A7C0-B78B89A841C0}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{E4554E04-278B-4A1E-AC60-F2B70D38EB6E}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{E8EE3BDD-8FD5-4198-9DBD-93DBAE6AEA84}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{AD066E45-9601-433B-AB97-6FD927DE7A5D}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{0F869EA9-0E13-429B-8BA0-B4ACEA3141F2}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{8043C225-A362-485A-A9E9-BFBCF3D1F738}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{50E88EA2-1DF3-4769-9753-B5F8C26FE0CC}) (Version: 3.1.16.2121 - Red Software) Hidden
QBIDPServiceInstall (HKLM-x32\...\{C639494E-FAF1-47FB-9EB3-AA296040F456}) (Version: 1.24.4000 - Intuit, Inc.)
QuickBooks (HKLM\...\{A8FB867A-1595-43B2-8F8C-B6112C77CB8D}) (Version: 32.0.4003.3201 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version: 29.0.4011.2901 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{48011BF6-E0BC-4B49-9DCA-C7144EF0C01E}) (Version: 28.0.4010.2806 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{4D29DF3C-1A3F-42F7-A565-136F3E5EBD59}) (Version: 31.0.4008.3103 - Intuit Inc.) Hidden
QuickBooks Pro 2018 (HKLM-x32\...\{92254DF4-E735-4B1F-9E61-D1EE5FAAC03D}) (Version: 28.0.4006.2806 - Intuit Inc.)
QuickBooks Pro 2019 (HKLM-x32\...\{FD44271B-DAFF-4C50-8E9B-998AA008606A}) (Version: 29.0.4003.2901 - Intuit Inc.)
QuickBooks Pro 2021 (HKLM-x32\...\{F9E2B890-E921-43AF-AB40-B9D8072CD7E4}) (Version: 31.0.4003.3103 - Intuit Inc.)
QuickBooks Pro 2022 (HKLM\...\{20474FEE-49A6-492B-B731-14D208F2432C}) (Version: 32.0.4001.3201 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickBooks Tool Hub (HKLM-x32\...\{5A43047E-1ACD-4F89-99E6-69988300E6AB}) (Version: 1.4.0.0 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{b15a4fb5-7637-45ca-b230-33d94af786a7}) (Version: 2.3.0.5383 - GoPro, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1554 - Memeo Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1230 - SUPERAntiSpyware.com)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinZip 26.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413B}) (Version: 26.0.14610 - Corel Corporation)
Workspace Desktop (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\workspacedesktop) (Version:  - Starfield Technologies)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zoom (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\ZoomUMX) (Version: 5.6.1 (617) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-04-07] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-10] (Adobe Systems Incorporated)
Age of Empires: Definitive Edition -> C:\Program Files\WindowsApps\Microsoft.MSDallas_1.3.27374.2_x64__8wekyb3d8bbwe [2019-08-20] (Microsoft Studios)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-01-28] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-10] (Microsoft Studios) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-01-29] (Microsoft Corporation) [MS Ad]
Passbook Converter -> C:\Program Files\WindowsApps\60967wertzui.PassbookConverter_3.0.0.0_x64__fj0k61qv743vg [2018-07-19] (wertzui)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-01] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-08-04] (Adobe Systems Incorporated)
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.1.5.0_x64__r1b4jsc7ddp3p [2021-11-08] (Total PC Cleaner)
Unpacker -> C:\Program Files\WindowsApps\AFF540DC.Unpacker_1.1.14.24_x64__v7353qx4kg3sa [2016-01-29] (Jujuba Software) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-53889B4FA3EA} -> [Creative Cloud Files] => C:\Users\jotot_000\Creative Cloud Files [2020-04-07 14:56]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies, LLC -> Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{63B5B272-1760-4A4F-922B-57F274900044}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2022\qbw.exe (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qfill.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technologies, Inc. -> Starfield Technology, LLC)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{e64977bd-9e0b-498d-843e-1776102710aa}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2022\qbw.exe (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2022\qbw.exe (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{FB359C2A-6927-4AD7-8F1B-B6472CA7CDE7}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies, LLC)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2019-01-18] (PDFescape -> Red Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2021-08-18] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2021-08-18] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-11-21] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2021-08-18] (Corel Corporation -> WinZip Computing)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.CFHD] => C:\WINDOWS\system32\CFHD.dll [1334784 2017-03-16] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\SysWOW64\CFHD.dll [1119744 2017-03-16] (CineForm Inc.) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2013-02-28 18:14 - 2013-02-28 18:14 - 000188416 _____ () [File not signed] [File is in use] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 18:14 - 2013-02-28 18:14 - 000118784 _____ () [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 18:14 - 2013-02-28 18:14 - 000135168 _____ () [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-04-19 12:20 - 2020-04-19 12:20 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-19 12:20 - 2020-04-19 12:20 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2020-07-10 11:23 - 2020-07-10 11:23 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2020-05-26 19:20 - 2020-05-26 19:20 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2018-03-30 18:48 - 2018-03-30 18:48 - 000428032 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDFescape Desktop\libcurl.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = 
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = 
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> {37B9F5B8-4AB3-412B-9850-CF242FA4831D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-01-18] (PDFescape -> Red Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-01-18] (PDFescape -> Red Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-01-18] (PDFescape -> Red Software)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-01-18] (PDFescape -> Red Software)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: intu-help-qb11 - {5AFDE6E8-AD0F-450B-818F-21D1CDC2E3EE} - C:\Program Files (x86)\Intuit\QuickBooks 2018\HelpAsyncPluggableProtocol.dll [2018-12-03] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} - C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll [2019-11-27] (Intuit, Inc. -> Intuit, Inc.)
Handler: intu-help-qb13 - {75EC4BB0-9AC5-4AF7-A9CE-38A34557E27C} -  No File
Handler-x32: intu-help-qb14 - {C854407F-AA78-4036-A9C1-54EBA9BD3608} - C:\Program Files (x86)\Intuit\QuickBooks 2021\HelpAsyncPluggableProtocol.dll [2021-10-11] (Intuit, Inc. -> Intuit, Inc.)
Handler: intu-help-qb15 - {0EEC9CBF-4C3D-45B3-9384-3C3CA3034A8B} - C:\Program Files\Intuit\QuickBooks 2022\HelpAsyncPluggableProtocol.dll [2021-11-10] (Intuit, Inc. -> Intuit, Inc.)
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 6091 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2021-05-21 14:19 - 000334861 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
 
There are 8702 more lines.
 
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jotot_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Set FUJIFILM PC AutoSave to stby.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Newsflash.lnk"
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "Memeo Instant Backup"
HKLM\...\StartupApproved\Run32: => "Seagate Dashboard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Workspace Status"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Starfield Updater"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "wben"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "EPSDNMON"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FF2D9E81-6FBE-4D1D-80D2-2D32D2474550}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B8BA946F-60B4-4D31-A268-F5DD75524510}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74573347-C908-40D5-B900-0BD343885DEC}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{AB23CF5D-A715-4370-8C6A-80905AD5AB2A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{3B568426-690B-4464-AD48-2487343015F7}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{4DFC08BB-1163-4458-95CF-CA5D81E31CF3}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro, Inc. -> )
FirewallRules: [{78DFE748-E16E-4351-A2EC-3C7D1F398230}] => (Allow) LPort=54925
FirewallRules: [{C0FBF500-0685-4BAF-A8F5-D7736F375DE9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe => No File
FirewallRules: [{16D5E111-6413-4D4D-9625-81D1F6E0077D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe => No File
FirewallRules: [{548B3138-D2B7-420E-8910-100BBCB11CD2}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation) [File not signed]
FirewallRules: [UDP Query User{CE125F92-7108-4CFD-B605-6B054E29BCDA}C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [TCP Query User{11BD614B-D286-4893-B2BB-B92A4F4A01B1}C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{9E9DB471-C4F7-4B1B-9E33-D10CEE9D30BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{22E4CEA1-8D68-46AB-BFFC-9F88270567F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{1B44FE03-4E15-43A5-AF74-CBFA6A60F585}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D54D2481-6900-4753-9B8D-1913455141FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{15BFB4BB-0E45-4D6B-B486-2A9B644BCAD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{117E393E-7828-4683-93C4-9ED39F522740}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F7D9FF8-012D-48CE-87DC-3DEF8094DE16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{576D3DFF-216F-4D49-B67E-42FF2AB5143D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{F0640770-A0F9-403D-A5DD-37623F4DC05B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{0BCFAA23-1A5D-4CE9-8CF0-2C6137A16313}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe] => (Allow) C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe => No File
FirewallRules: [UDP Query User{40BE9436-207C-4E44-8914-F19AA2E6D967}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe] => (Allow) C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe => No File
FirewallRules: [{839672FE-FF0D-4BA6-B1CC-7826AD29D75F}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{E5929727-7809-4324-A237-0FE101D81D93}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{39B58CAF-3780-43B3-9610-1823198930DA}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{4060716F-90F7-4835-BD7E-FAA1FD8F5870}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{4D35C7C8-CD43-4215-9782-21C8DD94901B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{BD34B93C-3052-4BA1-987C-2B6893993409}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2AB3B57E-00EE-4417-A442-C60A5272A580}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6624C76C-77A6-43FD-A285-1F7D52E4C196}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3416BE92-DD60-4E05-90C3-6E533D224042}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{21734E20-4A6D-4E73-A54B-BF6EF2289138}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{76482A60-BA93-4E05-9F43-154F2E4565B3}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{FC6A7572-476E-43C2-84C0-BF250A23C3F0}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{71C7F2AA-6180-4445-9D1E-4B607E5BC6ED}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{8402EBE1-A551-432B-9C60-1F4DA8914E59}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{1B4E26B3-F0EB-4180-91CB-E3B42DA575D7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{A588D94F-2ECB-4BB2-ADE7-BD0AEE41A2AD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{78887D19-6446-4EC4-9C01-936070B0FF73}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{38161695-ECA7-4E8E-B4F4-18C2BD1F9EB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00646EDB-64C6-4A97-A568-2BDE397828C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{026FD58A-174F-4E81-A1E1-3B63020A6080}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A325730-BB6F-4D45-873C-6EEF73A86DBB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D90C31F7-A721-483D-84E9-B8E6687D0F84}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7689F56-538F-4301-94E5-B5CFA4C69D94}] => (Allow) C:\Program Files\Intuit\QuickBooks 2022\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{AB3964C8-985F-4DC2-AB98-9CE736460B3E}] => (Allow) C:\Program Files\Intuit\QuickBooks 2022\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{4462C18C-833F-463E-8EE4-03053B54DAD6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14E9FB9D-BA55-4CDF-A1F6-5A6F21440675}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E764FB98-1D51-4A10-A7F1-35571952E7A0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
01-02-2022 10:03:04 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/04/2022 08:43:00 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: JOE)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
Error: (02/04/2022 08:43:00 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: JOE)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (02/03/2022 11:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625
 
Error: (02/03/2022 11:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625
 
Error: (02/03/2022 11:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/03/2022 10:11:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {455704b7-b3bf-4a41-98f9-0e394dedb163}
 
Error: (02/03/2022 10:09:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {455704b7-b3bf-4a41-98f9-0e394dedb163}
 
Error: (02/03/2022 03:34:30 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in " Plus 2022":
DB error -739 ErrorMessage:'db_init has not been called or the call to db_init failed'
 
 
System errors:
=============
Error: (02/04/2022 11:58:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/04/2022 11:58:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/04/2022 10:22:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/04/2022 10:22:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/04/2022 09:34:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/04/2022 09:34:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/04/2022 09:10:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/04/2022 09:10:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
 
Windows Defender:
================
Date: 2022-02-03 18:23:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-02-02 18:15:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-02-01 18:36:36
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-31 18:54:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-30 19:30:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===============
Date: 2021-10-01 10:54:16
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-09-11 04:35:01
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A07 04/25/2014
Motherboard: Dell Inc. 06X1TJ
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 75%
Total physical RAM: 8100.18 MB
Available physical RAM: 1957.66 MB
Total Virtual: 12377.26 MB
Available Virtual: 2591.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:919.74 GB) (Free:597.54 GB) NTFS
 
\\?\Volume{885190b7-72f6-11e5-824c-806e6f6e6963}\ () (Fixed) (Total:11.73 GB) (Free:10.93 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A71DED74)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

Edited by need2no, 04 February 2022 - 03:56 PM.



#2
RKinner


    Malware Expert


I can't see how they are redirecting Firefox to porn sites. Let's run a fixlist to remove some deadwood and run a few checks to see if we can figure out what is going on. The fixlist is also going to clean up the Hosts file and clear the DNS cache as there is no way to tell what is hiding there. Will take about 25 minutes on a normal system.

 

Download the attached fixlist.txt to the same location as FRST
 
 
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Let's also run MBAR to see if there is something hiding that we can't see:
 
 
Click on Download then Save and go to the download folder and right click on the file and Run As Admin.  Follow the instructions.  (Will run faster if you can pause your antivirus while it runs)
 
Have you tried running Firefox in its Safe Mode?  
 
 
This should start Firefox with all extensions disabled.  If that fixes the problem then one of the extensions or add-ons is the culprit. 
 
You have TeamViewer installed.  I would make sure it does not start at boot.  Only run it when you need its capability.  Ditto for LogMeIn/GotoMeeting.  The Glance extension in Firefox should probably also be disabled except when you need it.
 


#3
need2no

need2no

    Member

Firefox has been working ok so I didn't run it in Safe Mode.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by Joe (07-02-2022 13:32:51) Run:2
Running from C:\Users\jotot_000\Desktop
Loaded Profiles: Joe & defaultuser1
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {029DEE92-B63C-4671-83D6-DB6402D7F115} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {02FA788B-9419-4A21-9BF4-2F1529352D9F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {816791A3-4811-4BF3-AC62-290C308EFD86} - System32\Tasks\Outlook Express => C:\Program Files (x86)\Outlook Express\tray.exe (No File)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: C:\WINDOWS\Tasks\EPSON DS-410 Update.job => C:\Program Files (x86)\epson\Epson Scan 2\Update\e_dtsksd.exe/EXE_S:EPSON DS-410,ES0159.DAT /F:UpdateJOE\JoeĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupload.exe
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qfill.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
Handler: intu-help-qb13 - {75EC4BB0-9AC5-4AF7-A9CE-38A34557E27C} -  No File
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} -  No File
FirewallRules: [{C0FBF500-0685-4BAF-A8F5-D7736F375DE9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe => No File
FirewallRules: [{16D5E111-6413-4D4D-9625-81D1F6E0077D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe => No File
FirewallRules: [{9E9DB471-C4F7-4B1B-9E33-D10CEE9D30BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{22E4CEA1-8D68-46AB-BFFC-9F88270567F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{5F7D9FF8-012D-48CE-87DC-3DEF8094DE16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{576D3DFF-216F-4D49-B67E-42FF2AB5143D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{0BCFAA23-1A5D-4CE9-8CF0-2C6137A16313}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe] => (Allow) C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe => No File
FirewallRules: [UDP Query User{40BE9436-207C-4E44-8914-F19AA2E6D967}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe] => (Allow) C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe => No File
FirewallRules: [{71C7F2AA-6180-4445-9D1E-4B607E5BC6ED}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{8402EBE1-A551-432B-9C60-1F4DA8914E59}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
Unlock: C:\WINDOWS\system32\sysmain.dll
File: C:\WINDOWS\system32\sysmain.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Newsflash.lnk [2015-11-23]
ShortcutTarget: Newsflash.lnk -> C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe (Avanquest USA LLC) [File not signed]
HKLM\...\StartupApproved\StartupFolder: => "Newsflash.lnk"
Task: {02FA788B-9419-4A21-9BF4-2F1529352D9F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {64995C7B-7DA0-41EB-BC6C-0CBD7661882E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Hosts:
CMD: ipconfig /flushdns
CMD: nslookup geekstogo.com
CMD: nslookup mail.google.com
CMD: tracert -d mail.google.com
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{029DEE92-B63C-4671-83D6-DB6402D7F115}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02FA788B-9419-4A21-9BF4-2F1529352D9F}" => not found
"C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{816791A3-4811-4BF3-AC62-290C308EFD86}" => not found
"C:\WINDOWS\System32\Tasks\Outlook Express" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Outlook Express" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => not found
"C:\WINDOWS\Tasks\EPSON DS-410 Update.job" => not found
"C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job" => not found
"C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F} => not found
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
HKLM\Software\Classes\PROTOCOLS\Handler\intu-help-qb13 => not found
HKLM\Software\Classes\PROTOCOLS\Handler\intu-help-qb8 => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0FBF500-0685-4BAF-A8F5-D7736F375DE9}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16D5E111-6413-4D4D-9625-81D1F6E0077D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E9DB471-C4F7-4B1B-9E33-D10CEE9D30BB}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22E4CEA1-8D68-46AB-BFFC-9F88270567F9}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F7D9FF8-012D-48CE-87DC-3DEF8094DE16}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{576D3DFF-216F-4D49-B67E-42FF2AB5143D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0BCFAA23-1A5D-4CE9-8CF0-2C6137A16313}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{40BE9436-207C-4E44-8914-F19AA2E6D967}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71C7F2AA-6180-4445-9D1E-4B607E5BC6ED}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8402EBE1-A551-432B-9C60-1F4DA8914E59}" => not found
"C:\WINDOWS\system32\sysmain.dll" => was unlocked
 
========================= File: C:\WINDOWS\system32\sysmain.dll ========================
 
C:\WINDOWS\system32\sysmain.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package06~31bf3856ad364e35~amd64~~10.0.19041.1415.cat
File is digitally signed
MD5: 6C608C28F3469A3FBB1FC762945AED44
Creation and modification date: 2021-09-16 20:21 - 2021-09-16 20:21
Size: 001005568
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: SysMain
Original Name: sysmain.dll
Product: Microsoft® Windows® Operating System
Description: SysMain Service Host
File Version: 10.0.19041.1202 (WinBuild.160101.0800)
Product Version: 10.0.19041.1202
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End of File: ======
 
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Newsflash.lnk" => not found
"C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Newsflash.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Newsflash.lnk" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02FA788B-9419-4A21-9BF4-2F1529352D9F}" => not found
"C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64995C7B-7DA0-41EB-BC6C-0CBD7661882E}" => not found
C:\WINDOWS\System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Background Update 308046B0AF4A39CB" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= nslookup geekstogo.com =========
 
Non-authoritative answer:
 
Server:  openrg.home
Address:  fd4b:8d38:69ba:1:a28e:78ff:fe4e:6ad5
 
Name:    geekstogo.com
Address:  167.206.37.136
 
 
========= End of CMD: =========
 
 
========= nslookup mail.google.com =========
 
Non-authoritative answer:
 
Server:  openrg.home
Address:  fd4b:8d38:69ba:1:a28e:78ff:fe4e:6ad5
 
Name:    googlemail.l.google.com
Addresses:  2607:f8b0:4006:824::2005
  142.250.80.37
Aliases:  mail.google.com
 
 
========= End of CMD: =========
 
 
========= tracert -d mail.google.com =========
 
 
Tracing route to googlemail.l.google.com [142.250.81.229]
over a maximum of 30 hops:
 
  1    <1 ms    <1 ms    <1 ms  192.168.1.1 
  2     9 ms     9 ms     8 ms  10.240.168.57 
  3    10 ms     9 ms     9 ms  67.59.233.240 
  4    11 ms    11 ms    10 ms  67.83.230.154 
  5    11 ms    10 ms    13 ms  65.19.121.58 
  6    12 ms    13 ms    12 ms  65.19.113.1 
  7     *        *        *     Request timed out.
  8    15 ms    14 ms    17 ms  108.170.228.92 
  9    12 ms    13 ms    12 ms  142.251.60.233 
 10    13 ms    13 ms    12 ms  142.250.81.229 
 
Trace complete.
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.844
 
Image Version: 10.0.19043.1466
 
 
 
[===================        33.1%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.2%                          ] 
 
[===================        33.2%                          ] 
 
[===================        33.3%                          ] 
 
[===================        33.3%                          ] 
 
[===================        33.3%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.5%                          ] 
 
[===================        33.5%                          ] 
 
[===================        33.6%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.8%                          ] 
 
[===================        33.9%                          ] 
 
[===================        33.9%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.1%                          ] 
 
[===================        34.2%                          ] 
 
[===================        34.2%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.4%                          ] 
 
[===================        34.4%                          ] 
 
[====================       34.5%                          ] 
 
[====================       34.5%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.7%                          ] 
 
[====================       34.7%                          ] 
 
[====================       34.8%                          ] 
 
[====================       34.8%                          ] 
 
[====================       34.9%                          ] 
 
[====================       34.9%                          ] 
 
[====================       34.9%                          ] 
 
[====================       34.9%                          ] 
 
[====================       35.1%                          ] 
 
[====================       35.1%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.3%                          ] 
 
[====================       35.5%                          ] 
 
[====================       35.6%                          ] 
 
[====================       35.7%                          ] 
 
[====================       35.9%                          ] 
 
[====================       36.1%                          ] 
 
[====================       36.2%                          ] 
 
[=====================      36.2%                          ] 
 
[=====================      36.4%                          ] 
 
[=====================      36.5%                          ] 
 
[=====================      36.6%                          ] 
 
[=====================      36.7%                          ] 
 
[=====================      36.8%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.2%                          ] 
 
[=====================      37.4%                          ] 
 
[=====================      37.6%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.9%                          ] 
 
[=====================      37.9%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.5%                          ] 
 
[======================     38.5%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.7%                          ] 
 
[======================     38.8%                          ] 
 
[======================     38.8%                          ] 
 
[======================     38.9%                          ] 
 
[======================     38.9%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.3%                          ] 
 
[======================     39.4%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.5%                          ] 
 
[=======================    39.7%                          ] 
 
[=======================    39.7%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.9%                          ] 
 
[=======================    40.0%                          ] 
 
[=======================    40.1%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.4%                          ] 
 
[=======================    40.5%                          ] 
 
[=======================    40.6%                          ] 
 
[=======================    40.8%                          ] 
 
[=======================    41.0%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.2%                          ] 
 
[=======================    41.4%                          ] 
 
[========================   41.4%                          ] 
 
[========================   41.5%                          ] 
 
[========================   41.5%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.9%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.5%                          ] 
 
[========================   42.6%                          ] 
 
[========================   42.9%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.7%                          ] 
 
[=========================  43.8%                          ] 
 
[=========================  43.9%                          ] 
 
[=========================  44.1%                          ] 
 
[=========================  44.4%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.7%                          ] 
 
[========================== 44.8%                          ] 
 
[========================== 45.1%                          ] 
 
[========================== 45.2%                          ] 
 
[========================== 45.6%                          ] 
 
[========================== 45.8%                          ] 
 
[========================== 46.0%                          ] 
 
[========================== 46.5%                          ] 
 
[===========================46.9%                          ] 
 
[===========================47.2%                          ] 
 
[===========================47.4%                          ] 
 
[===========================47.6%                          ] 
 
[===========================47.8%                          ] 
 
[===========================48.3%                          ] 
 
[===========================48.5%                          ] 
 
[===========================48.8%                          ] 
 
[===========================49.1%                          ] 
 
[===========================49.5%                          ] 
 
[===========================49.6%                          ] 
 
[===========================49.8%                          ] 
 
[===========================50.1%                          ] 
 
[===========================50.3%                          ] 
 
[===========================50.6%                          ] 
 
[===========================50.9%                          ] 
 
[===========================51.1%                          ] 
 
[===========================51.2%                          ] 
 
[===========================51.4%                          ] 
 
[===========================51.5%                          ] 
 
[===========================51.5%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.8%                          ] 
 
[===========================51.9%                          ] 
 
[===========================51.9%                          ] 
 
[===========================51.9%                          ] 
 
[===========================51.9%                          ] 
 
[===========================52.0%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.9%                          ] 
 
[===========================55.9%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.9%=                         ] 
 
[===========================56.9%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.5%=                         ] 
 
[===========================58.3%=                         ] 
 
[===========================58.9%==                        ] 
 
[===========================59.0%==                        ] 
 
[===========================59.1%==                        ] 
 
[===========================59.4%==                        ] 
 
[===========================59.8%==                        ] 
 
[===========================59.8%==                        ] 
 
[===========================59.8%==                        ] 
 
[===========================60.2%==                        ] 
 
[===========================62.3%====                      ] 
 
[==========================100.0%==========================] 
 
Error: 0x800f081f
 
The source files could not be found. 
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see https://go.microsoft.../?LinkId=243077.
 
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Fixing is terminated due to reaching maximum fixing time of 60 minutes. <==== ATTENTION
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
Ran by Joe (administrator) on JOE (Dell Inc. OptiPlex 9020) (07-02-2022 14:56:50)
Running from C:\Users\jotot_000\Desktop
Loaded Profiles: Joe & defaultuser1
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1466 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(FUJIFILM Corporation.) [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.Application.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <2>
(Memeo Inc. -> Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Memeo Inc. -> Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\creator\common\creator-ws.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\updater-ws.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\ws.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Starfield Technologies, LLC -> Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] (GoPro, Inc. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2021-08-18] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2021-08-18] (Corel Corporation -> WinZip Computing, S.L.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3800328 2018-04-27] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [137088 2012-10-11] (Memeo Inc. -> Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] (Memeo Inc. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-05-10] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5819104 2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2656112 2021-04-16] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.43\Installer\setup.exe [3195784 2022-02-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10985776 2022-01-14] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Starfield Updater] => C:\Users\jotot_000\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [wben] => C:\Users\jotot_000\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC -> Starfield Technologies, LLC)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Workspace Status] => C:\Users\jotot_000\AppData\Local\Workspace\workspacestatus.exe [694760 2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [190280 2022-01-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5407968 2021-12-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5407968 2021-12-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON WF-3520 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJJE.DLL [120320 2015-01-19] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2022-01-02]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2022-01-02]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2022-01-02]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2022\QBW.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Set FUJIFILM PC AutoSave to stby.lnk [2016-08-09]
ShortcutTarget: Set FUJIFILM PC AutoSave to stby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-01-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03916563-C51C-42ED-B818-F3C47472B7ED} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2021-08-18] (Corel Corporation -> Corel Corporation)
Task: {07A5D3DA-E275-4712-B056-3BFED65BCB35} - System32\Tasks\EPSON DS-410 Update => C:\Program Files (x86)\epson\Epson Scan 2\Update\e_dtsksd.exe [690176 2019-03-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {2D86FBC9-D223-4327-85DC-C8FBC1211656} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {384DCD62-6B91-4154-8224-E83F82D8229D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DA29701-9247-41F8-ACD2-36C79E03467D} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382672 2021-10-11] (Intuit, Inc. -> Intuit Inc.)
Task: {4EE71C2E-7673-4980-BF7B-6A0B39D7082F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {5A6AC5E4-E5D9-40A1-ABC6-727EBC4FD572} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2021-08-18] (Corel Corporation -> Corel Corporation)
Task: {5EAA5518-E575-403C-86B1-76A1E7087233} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6166BE6D-B100-4CFB-98CB-AE5A8772EA84} - System32\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001 => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {616F008C-5800-435B-BBAE-CC8BA00CF787} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {61934EE2-DD00-4CE7-897A-798AF5BE8C9C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {807F871D-3030-47F7-BA2F-ED29B8D50CAE} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2021-08-18] (Corel Corporation -> Corel Corporation)
Task: {8D2F9DBA-D87C-4490-90FD-F2E1ED1FAAC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E813C2C-EF13-4F4C-9D89-4028532547BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {9C84C4B1-BDB5-40D6-B95D-8E80FB9951D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1172360 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A45620A7-0B22-4511-AD2B-36B23BE979F3} - \Mozilla\Firefox Background Update 308046B0AF4A39CB -> No File <==== ATTENTION
Task: {ABE7D929-CDE7-48A7-B776-2CDA78969139} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {AF4FE8A2-6250-44C1-A10E-04CC2DD2D6D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001 => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {BB29DA99-C28F-4CAC-A881-E36A667CCC4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E22AA4E3-A809-46A3-B710-A4ED4C2D1FDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E41BD27C-44DA-43D7-A382-4093320DC34B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {EB482E52-87E2-40EF-80E1-B7AEE77F2F6D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {F0A12BC8-E204-4512-8F65-04342B30DB13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {F2E1C605-75DF-48D6-BA70-E7A502168DCD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FD62E65E-85DB-4328-B644-BC57869740C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{469b0b08-473a-41ff-a6da-1e3bc03494a9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{93c88401-f7b1-4dd7-8a17-fa3bcc99a41e}: [DhcpNameServer] 172.20.10.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\jotot_000\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-24]
Edge Extension: (McAfee® WebAdvisor) - C:\Users\jotot_000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2022-01-24]
 
FireFox:
========
FF DefaultProfile: 9ddwzvzd.default-1598568816359
FF ProfilePath: C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release [2022-02-07]
FF Notifications: Mozilla\Firefox\Profiles\tnu8utwl.default-release -> hxxps://www.smithsonianmag.com; hxxps://www.propertyshark.com; hxxps://mail.google.com
FF Extension: (WBE Paste) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2016-01-27] [Legacy] [not signed]
FF Extension: (True Key™ by McAfee) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\@true-key.xpi [2021-11-19] [UpdateUrl:hxxps://downloads.truekey.com/firefox/update.json]
FF Extension: (Honey) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\[email protected] [2021-06-26]
FF Extension: (McAfee® WebAdvisor) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2022-01-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-26]
FF ProfilePath: C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\9ddwzvzd.default-1598568816359 [2022-02-04]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-05-10] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\GlanceGuest\npglance.dll [2018-01-24] (Glance Networks Inc -> Glance Networks, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-05-10] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @citrixonline.com/appdetectorplugin -> C:\Users\jotot_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-15] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/off -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npoff.dll [2016-01-27] (Starfield Technologies, LLC ->  Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/off64 -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2016-01-27] (Starfield Technologies, LLC ->  Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/wbe -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/wbe64 -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npoff.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npoff64.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npwbe.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npwbe64.dll [2016-01-27]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default [2022-02-07]
CHR Notifications: Default -> hxxps://pdfconverterhub.com; hxxps://www.facebook.com; hxxps://zmusic-online.com
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-31]
CHR Extension: (Docs) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-31]
CHR Extension: (Google Drive) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-17]
CHR Extension: (DuckDuckGo) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-01-30]
CHR Extension: (YouTube) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Salesforce Inbox) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkgdfnjmgamkcpjdljdncfjcegpgcdg [2021-02-21]
CHR Extension: (Google Search) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (Yahoo Partner) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2020-08-27]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-07]
CHR Extension: (McAfee® Secure Search) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\enppghjcblldgigemljohkgpcompnjgh [2021-05-21]
CHR Extension: (Sheets) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-19]
CHR Extension: (Glance Networks) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gniobnbbehpgbcamkdplghfimhocklgb [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-17]
CHR HKLM\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] (Advanced Micro Devices, Inc. -> )
R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-05-10] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2020-05-19] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) [File not signed]
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies, LLC -> Starfield Technologies)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] (GoPro, Inc. -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-11] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2440568 2019-01-18] (PDFescape -> Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator\common\creator-ws.exe [715640 2019-01-18] (PDFescape -> Red Software)
R2 PDFescape Desktop Update Service; C:\Program Files\PDFescape Desktop\updater-ws.exe [697208 2019-01-18] (PDFescape -> Red Software)
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2021-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBWCMonitor; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe [40784 2021-04-08] (Intuit, Inc. -> )
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14752 2012-10-15] (Memeo Inc. -> Memeo)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-01-25] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-02-07 13:32 - 2022-02-07 14:32 - 000054115 _____ C:\Users\jotot_000\Desktop\Fixlog.txt
2022-02-07 13:24 - 2022-02-07 13:32 - 000011046 _____ C:\Users\jotot_000\Desktop\fixlist.txt
2022-02-07 13:23 - 2022-02-07 13:23 - 000022092 _____ C:\Users\jotot_000\Downloads\fixlist (3).txt
2022-02-07 13:21 - 2022-02-07 13:21 - 000022092 _____ C:\Users\jotot_000\Downloads\fixlist (2).txt
2022-02-07 13:20 - 2022-02-07 13:20 - 000022092 _____ C:\Users\jotot_000\Downloads\fixlist (1).txt
2022-02-05 12:47 - 2022-02-05 12:47 - 000022092 _____ C:\Users\jotot_000\Downloads\fixlist.txt
2022-02-05 00:28 - 2022-02-05 00:28 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\Comms
2022-02-04 22:40 - 2022-02-05 05:23 - 000000000 ____D C:\Users\defaultuser1\AppData\Roaming\Adobe
2022-02-04 22:40 - 2022-02-04 22:40 - 000000000 ____D C:\Users\defaultuser1\AppData\LocalLow\Adobe
2022-02-04 22:40 - 2022-02-04 22:40 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\CEF
2022-02-04 22:40 - 2022-02-04 22:40 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\Adobe
2022-02-04 22:29 - 2022-02-05 00:28 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\Packages
2022-02-04 22:29 - 2022-02-04 22:29 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\VirtualStore
2022-02-04 22:29 - 2022-02-04 22:29 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\offsync
2022-02-04 22:29 - 2022-02-04 22:29 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\Intuit
2022-02-04 22:28 - 2022-02-04 22:29 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\ConnectedDevicesPlatform
2022-02-04 22:28 - 2022-02-04 22:28 - 000000020 ___SH C:\Users\defaultuser1\ntuser.ini
2022-02-04 22:28 - 2022-02-04 22:28 - 000000000 __SHD C:\Users\defaultuser1\IntelGraphicsProfiles
2022-02-04 22:28 - 2022-02-04 22:28 - 000000000 ____D C:\Users\defaultuser1
2022-02-04 22:28 - 2019-12-07 04:10 - 000001105 _____ C:\Users\defaultuser1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-04 22:28 - 2016-09-16 07:58 - 000000000 ____D C:\Users\defaultuser1\AppData\Roaming\ATI
2022-02-04 22:28 - 2016-09-16 07:58 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\ATI
2022-02-04 16:53 - 2022-02-04 16:53 - 000134143 _____ C:\Users\jotot_000\Desktop\FBI Complaint.pdf
2022-02-04 14:38 - 2022-02-04 14:38 - 000071978 _____ C:\Users\jotot_000\Desktop\FRSAT Addition2.txt
2022-02-04 14:37 - 2022-02-04 14:37 - 000054390 _____ C:\Users\jotot_000\Desktop\FRST 2.txt
2022-02-03 11:53 - 2022-02-03 11:55 - 000000000 ___HD C:\adobeTemp
2022-01-28 19:27 - 2022-01-28 19:27 - 000000000 ____D C:\WINDOWS\system32\p ö
2022-01-28 19:27 - 2022-01-28 19:27 - 000000000 ____D C:\WINDOWS\system32\À ö
2022-01-25 20:31 - 2022-01-25 20:31 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-01-25 20:31 - 2022-01-25 20:31 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-01-25 20:31 - 2022-01-25 20:31 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-01-25 20:31 - 2022-01-25 20:31 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-01-21 10:45 - 2022-01-28 11:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-01-19 16:19 - 2022-01-19 16:19 - 000279408 _____ C:\Users\jotot_000\Desktop\DMAS POLICY Tow Truck UD 22.23.pdf
2022-01-19 16:19 - 2022-01-19 16:19 - 000182637 _____ C:\Users\jotot_000\Desktop\DMAS INV Tow Truck UD 22.23.pdf
2022-01-19 09:25 - 2022-01-19 10:04 - 000410575 _____ C:\Users\jotot_000\Desktop\Guatelinda Acord 140 2022.pdf
2022-01-19 09:25 - 2022-01-19 09:48 - 000493796 _____ C:\Users\jotot_000\Desktop\Guatelinda Acord 126 2022.pdf
2022-01-19 09:25 - 2022-01-19 09:44 - 000623439 _____ C:\Users\jotot_000\Desktop\Guatelinda Acord 125 2022.pdf
2022-01-14 14:06 - 2022-01-14 14:06 - 003622480 _____ (Resplendence Software Projects Sp. ) C:\Users\jotot_000\Downloads\LatencyMon(1).exe
2022-01-14 13:48 - 2022-01-14 13:48 - 000095466 _____ C:\Users\jotot_000\Desktop\Guatelinda Acord 127 Add Lot 234 W Main.pdf
2022-01-14 13:39 - 2022-01-14 13:39 - 000092822 _____ C:\Users\jotot_000\Documents\Recipt for Fire Supression '.pdf
2022-01-12 22:51 - 2022-01-14 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2022-01-12 22:51 - 2022-01-14 14:07 - 000000000 ____D C:\Program Files\LatencyMon
2022-01-12 22:51 - 2022-01-12 22:51 - 003622480 _____ (Resplendence Software Projects Sp. ) C:\Users\jotot_000\Downloads\LatencyMon.exe
2022-01-12 22:51 - 2021-03-09 15:07 - 000027744 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2022-01-12 22:45 - 2022-01-12 22:48 - 000399826 _____ C:\Users\jotot_000\Desktop\JOE.txt
2022-01-12 22:43 - 2022-01-12 22:43 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-01-12 22:43 - 2022-01-12 22:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2022-01-12 22:43 - 2022-01-12 22:43 - 000000000 ____D C:\Program Files\Speccy
2022-01-12 22:41 - 2022-01-12 22:41 - 000003606 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2022-01-12 22:41 - 2022-01-12 22:41 - 000003604 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2022-01-12 22:41 - 2022-01-12 22:41 - 000003604 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2022-01-12 22:41 - 2022-01-12 22:41 - 000000000 ____D C:\Users\jotot_000\AppData\Local\WinZip
2022-01-12 22:40 - 2022-01-12 22:41 - 000001914 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Image Manager.lnk
2022-01-12 22:40 - 2022-01-12 22:41 - 000001910 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip PDF Express.lnk
2022-01-12 22:40 - 2022-01-12 22:41 - 000001898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Secure Backup.lnk
2022-01-12 22:40 - 2022-01-12 22:40 - 008234296 _____ (Piriform Software Ltd) C:\Users\jotot_000\Downloads\spsetup132(1).exe
2022-01-12 22:40 - 2022-01-12 22:40 - 000002087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-01-12 22:40 - 2022-01-12 22:40 - 000000000 ____D C:\ProgramData\WinZip
2022-01-12 22:40 - 2022-01-12 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-01-12 22:40 - 2022-01-12 22:40 - 000000000 ____D C:\Program Files\WinZip
2022-01-12 22:38 - 2022-01-12 22:38 - 008234296 _____ (Piriform Software Ltd) C:\Users\jotot_000\Downloads\spsetup132.exe
2022-01-12 22:37 - 2022-01-12 22:37 - 000000000 ____D C:\ProgramData\UniqueId
2022-01-12 22:36 - 2022-01-12 22:36 - 001016656 _____ (WinZip Computing) C:\Users\jotot_000\Downloads\winzip26-p014.exe
2022-01-12 22:33 - 2022-01-12 22:33 - 000023063 _____ C:\Users\jotot_000\Desktop\Registry.txt
2022-01-12 22:24 - 2022-01-12 22:24 - 002839416 _____ (Sysinternals - www.sysinternals.com) C:\Users\jotot_000\Downloads\procexp.exe
2022-01-12 22:13 - 2022-01-12 22:13 - 008369755 _____ (UserBenchmark.com) C:\Users\jotot_000\Downloads\UserBenchMark.exe
2022-01-11 17:23 - 2022-01-11 17:23 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-11 17:23 - 2022-01-11 17:23 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-11 17:23 - 2022-01-11 17:23 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-11 16:55 - 2022-01-11 16:58 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-02-07 14:58 - 2021-11-29 23:18 - 000035651 _____ C:\Users\jotot_000\Desktop\FRST.txt
2022-02-07 14:57 - 2021-11-17 11:42 - 000000000 ____D C:\FRST
2022-02-07 14:57 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-07 14:56 - 2021-11-29 23:24 - 000060438 _____ C:\Users\jotot_000\Desktop\Addition.txt
2022-02-07 14:17 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-07 14:01 - 2016-02-02 10:58 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-07 13:33 - 2021-10-11 11:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-02-07 12:38 - 2020-09-05 02:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-07 09:36 - 2016-11-15 16:34 - 000000000 ____D C:\Users\jotot_000\AppData\LocalLow\Mozilla
2022-02-07 09:25 - 2019-02-12 20:20 - 000000000 ____D C:\ProgramData\Mozilla
2022-02-07 05:23 - 2020-04-07 14:41 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-02-06 21:14 - 2016-01-27 11:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-02-06 13:29 - 2021-11-01 12:58 - 000000000 ____D C:\Users\jotot_000\Documents\Outlook Files
2022-02-05 12:31 - 2021-11-29 23:17 - 000000000 ____D C:\Users\jotot_000\Desktop\FRST-OlderVersion
2022-02-05 12:31 - 2021-11-29 23:16 - 002311680 _____ (Farbar) C:\Users\jotot_000\Desktop\FRST64.exe
2022-02-05 03:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-04 22:32 - 2018-02-01 14:51 - 000000000 ____D C:\Users\jotot_000\AppData\Local\Packages
2022-02-04 22:28 - 2017-06-09 23:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-02-04 19:28 - 2020-06-23 18:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-04 19:28 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-04 17:03 - 2017-03-29 16:59 - 000000000 ____D C:\Users\jotot_000\Desktop\Joe
2022-02-04 09:14 - 2019-02-01 11:16 - 000000000 ____D C:\Users\jotot_000\AppData\Local\A11E13BE-94F8-4773-855B-43D51C40C866.aplzod
2022-02-04 08:43 - 2020-04-07 14:56 - 000000000 ___RD C:\Users\jotot_000\Creative Cloud Files
2022-02-01 13:09 - 2015-10-15 23:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-01-30 09:51 - 2020-12-18 17:01 - 000000000 ____D C:\Users\jotot_000\AppData\Local\CrashDumps
2022-01-28 11:18 - 2020-08-27 18:24 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-28 11:18 - 2015-10-14 21:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-28 11:00 - 2015-10-16 10:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-01-27 23:17 - 2020-09-05 02:31 - 000000000 ____D C:\Users\jotot_000
2022-01-27 23:15 - 2015-10-16 10:42 - 000000000 ____D C:\Program Files\Adobe
2022-01-27 23:06 - 2020-09-05 03:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-27 23:06 - 2020-09-05 02:28 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-27 11:31 - 2021-12-13 08:27 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1867227179-3748921823-2400054393-1001
2022-01-27 11:31 - 2021-04-29 09:43 - 000002428 _____ C:\Users\jotot_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-27 11:31 - 2020-09-05 03:01 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1867227179-3748921823-2400054393-1001
2022-01-25 20:31 - 2021-07-08 10:26 - 000000000 ____D C:\Users\jotot_000\AppData\LocalLow\IGDump
2022-01-25 20:31 - 2020-12-10 10:25 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-25 20:30 - 2018-01-11 22:58 - 000000000 ____D C:\Program Files\Malwarebytes
2022-01-25 20:30 - 2015-10-15 14:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-25 18:21 - 2020-09-05 03:01 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-25 18:21 - 2020-09-05 03:01 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-25 01:03 - 2016-02-02 10:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-20 23:56 - 2020-09-05 03:01 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-20 23:56 - 2020-09-05 03:01 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-20 13:22 - 2020-07-27 10:52 - 000014812 _____ C:\Users\jotot_000\Desktop\Comission.xlsx
2022-01-18 01:03 - 2015-10-15 14:14 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2022-01-18 01:02 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-01-18 01:02 - 2017-06-09 23:07 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2022-01-14 14:25 - 2015-10-15 11:48 - 000000000 ____D C:\Users\jotot_000\AppData\Local\Adobe
2022-01-12 22:44 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-11 17:51 - 2020-09-05 03:01 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-11 17:50 - 2015-12-20 12:12 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-11 17:47 - 2020-09-05 05:59 - 000795864 _____ C:\WINDOWS\system32\perfh00C.dat
2022-01-11 17:47 - 2020-09-05 05:59 - 000151260 _____ C:\WINDOWS\system32\perfc00C.dat
2022-01-11 17:47 - 2020-09-05 02:50 - 001786510 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-11 17:40 - 2020-09-05 02:29 - 000514744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-11 17:36 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-11 17:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-11 16:52 - 2015-10-15 11:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-11 16:47 - 2015-10-15 11:07 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-11 13:05 - 2020-04-07 15:52 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2022-01-11 13:05 - 2020-04-07 15:52 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
 
==================== Files in the root of some directories ========
 
2021-08-19 09:06 - 2021-08-19 09:06 - 000503808 _____ (Intuit Inc.) C:\Program Files\Common Files\GraphSeriesCol.dll
2017-03-06 15:14 - 2017-03-06 15:14 - 000001456 _____ () C:\Users\jotot_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-04-07 14:58 - 2020-04-07 14:58 - 000000000 _____ () C:\Users\jotot_000\AppData\Local\oobelibMkey.log
2021-11-17 10:29 - 2021-11-17 10:29 - 000000052 _____ () C:\Users\jotot_000\AppData\Local\xx.ini
2017-01-03 15:25 - 2016-07-14 04:09 - 000010240 _____ () C:\Users\jotot_000\AppData\Local\Z@!-50796960-5d90-4787-ab9e-84ae443b2d9f.tmp
2017-01-03 15:25 - 2016-07-14 04:09 - 000009216 _____ () C:\Users\jotot_000\AppData\Local\Z@S!-335b5983-63e4-49a4-bc2d-4f07790fd948.tmp
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by Joe (07-02-2022 14:58:48)
Running from C:\Users\jotot_000\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1466 (X64) (2020-09-05 08:02:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1867227179-3748921823-2400054393-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867227179-3748921823-2400054393-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-1867227179-3748921823-2400054393-1327 - Limited - Enabled) => C:\Users\defaultuser1
Guest (S-1-5-21-1867227179-3748921823-2400054393-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1867227179-3748921823-2400054393-1005 - Limited - Enabled)
Joe (S-1-5-21-1867227179-3748921823-2400054393-1001 - Administrator - Enabled) => C:\Users\jotot_000
WDAGUtilityAccount (S-1-5-21-1867227179-3748921823-2400054393-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.5.550 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.09 - Avanquest Software)
BitRecover TIFF Converter Wizard (HKLM-x32\...\BitRecover TIFF Converter Wizard_is1) (Version:  - BitRecover)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Document Capture Pro (HKLM-x32\...\{BFCA1EA6-1EE8-454D-BAA2-5155948C40A0}) (Version: 3.1.1.0 - Seiko Epson Corporation)
Epson DS-410 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson DS-410 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
Epson Event Manager (HKLM-x32\...\{3EB0F026-9811-4129-973E-215745F5F2C8}) (Version: 3.11.70 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Scan OCR Component Pro (HKLM-x32\...\{7C3DDC52-B63F-463D-B41E-9D619EF93823}) (Version: 1.0.7 - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
GlanceGuest version 4.2.0.38 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.2.0.38 - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6448.1 - Waves Audio Ltd.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7955 - Memeo Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14827.20158 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0527a644a4ddd31d) (Version: 17.0.7440.13 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 96.0.3 (x64 en-US)) (Version: 96.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0 - Mozilla)
Mozilla Thunderbird (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 91.2.1 (x86 en-US)) (Version: 91.2.1 - Mozilla)
MyLabel Designer Deluxe (HKLM-x32\...\{856CD2A4-9BCE-4ED2-B7F5-A96C960081C1}) (Version: 9.0.0.0 - Avanquest Publishing USA, Inc.)
Newsflash (HKLM-x32\...\{1A722192-4AEA-4911-9F71-EBECEDC970B5}) (Version: 1.0.0.7 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outlook Express 6 (HKLM-x32\...\Outlook Express 6) (Version:  - )
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 3.0.26.634 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{9C203993-F3BE-4BFC-A254-CB216829D42A}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{824918B9-04A8-443B-B512-081E759C4A55}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{5797860C-821C-48FA-A7C0-B78B89A841C0}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{E4554E04-278B-4A1E-AC60-F2B70D38EB6E}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{E8EE3BDD-8FD5-4198-9DBD-93DBAE6AEA84}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{AD066E45-9601-433B-AB97-6FD927DE7A5D}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{0F869EA9-0E13-429B-8BA0-B4ACEA3141F2}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{8043C225-A362-485A-A9E9-BFBCF3D1F738}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{50E88EA2-1DF3-4769-9753-B5F8C26FE0CC}) (Version: 3.1.16.2121 - Red Software) Hidden
QBIDPServiceInstall (HKLM-x32\...\{C639494E-FAF1-47FB-9EB3-AA296040F456}) (Version: 1.24.4000 - Intuit, Inc.)
QuickBooks (HKLM\...\{A8FB867A-1595-43B2-8F8C-B6112C77CB8D}) (Version: 32.0.4003.3201 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version: 29.0.4011.2901 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{48011BF6-E0BC-4B49-9DCA-C7144EF0C01E}) (Version: 28.0.4010.2806 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{4D29DF3C-1A3F-42F7-A565-136F3E5EBD59}) (Version: 31.0.4008.3103 - Intuit Inc.) Hidden
QuickBooks Pro 2018 (HKLM-x32\...\{92254DF4-E735-4B1F-9E61-D1EE5FAAC03D}) (Version: 28.0.4006.2806 - Intuit Inc.)
QuickBooks Pro 2019 (HKLM-x32\...\{FD44271B-DAFF-4C50-8E9B-998AA008606A}) (Version: 29.0.4003.2901 - Intuit Inc.)
QuickBooks Pro 2021 (HKLM-x32\...\{F9E2B890-E921-43AF-AB40-B9D8072CD7E4}) (Version: 31.0.4003.3103 - Intuit Inc.)
QuickBooks Pro 2022 (HKLM\...\{20474FEE-49A6-492B-B731-14D208F2432C}) (Version: 32.0.4001.3201 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickBooks Tool Hub (HKLM-x32\...\{5A43047E-1ACD-4F89-99E6-69988300E6AB}) (Version: 1.4.0.0 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{b15a4fb5-7637-45ca-b230-33d94af786a7}) (Version: 2.3.0.5383 - GoPro, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1554 - Memeo Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1230 - SUPERAntiSpyware.com)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinZip 26.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413B}) (Version: 26.0.14610 - Corel Corporation)
Workspace Desktop (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\workspacedesktop) (Version:  - Starfield Technologies)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zoom (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\ZoomUMX) (Version: 5.6.1 (617) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-04-07] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-10] (Adobe Systems Incorporated)
Age of Empires: Definitive Edition -> C:\Program Files\WindowsApps\Microsoft.MSDallas_1.3.27374.2_x64__8wekyb3d8bbwe [2019-08-20] (Microsoft Studios)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-01-28] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-10] (Microsoft Studios) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-01-29] (Microsoft Corporation) [MS Ad]
Passbook Converter -> C:\Program Files\WindowsApps\60967wertzui.PassbookConverter_3.0.0.0_x64__fj0k61qv743vg [2018-07-19] (wertzui)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-01] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-08-04] (Adobe Systems Incorporated)
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.1.5.0_x64__r1b4jsc7ddp3p [2021-11-08] (Total PC Cleaner)
Unpacker -> C:\Program Files\WindowsApps\AFF540DC.Unpacker_1.1.14.24_x64__v7353qx4kg3sa [2016-01-29] (Jujuba Software) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-53889B4FA3EA} -> [Creative Cloud Files] => C:\Users\jotot_000\Creative Cloud Files [2020-04-07 14:56]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies, LLC -> Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{63B5B272-1760-4A4F-922B-57F274900044}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2022\qbw.exe (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technologies, Inc. -> Starfield Technology, LLC)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{e64977bd-9e0b-498d-843e-1776102710aa}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2022\qbw.exe (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2022\qbw.exe (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{FB359C2A-6927-4AD7-8F1B-B6472CA7CDE7}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies, LLC)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2019-01-18] (PDFescape -> Red Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2021-08-18] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2021-08-18] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-11-21] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-27] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2021-08-18] (Corel Corporation -> WinZip Computing)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.CFHD] => C:\WINDOWS\system32\CFHD.dll [1334784 2017-03-16] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\SysWOW64\CFHD.dll [1119744 2017-03-16] (CineForm Inc.) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2013-02-28 18:14 - 2013-02-28 18:14 - 000188416 _____ () [File not signed] [File is in use] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 18:14 - 2013-02-28 18:14 - 000118784 _____ () [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 18:14 - 2013-02-28 18:14 - 000135168 _____ () [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2016-11-21 15:55 - 2016-11-21 15:55 - 000851456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2016-11-21 15:55 - 2016-11-21 15:55 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamenu.dll
2020-04-19 12:20 - 2020-04-19 12:20 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-19 12:20 - 2020-04-19 12:20 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2018-03-30 18:48 - 2018-03-30 18:48 - 000428032 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDFescape Desktop\libcurl.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = 
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = 
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> {37B9F5B8-4AB3-412B-9850-CF242FA4831D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-01-18] (PDFescape -> Red Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-01-18] (PDFescape -> Red Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-01-18] (PDFescape -> Red Software)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-01-18] (PDFescape -> Red Software)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: intu-help-qb11 - {5AFDE6E8-AD0F-450B-818F-21D1CDC2E3EE} - C:\Program Files (x86)\Intuit\QuickBooks 2018\HelpAsyncPluggableProtocol.dll [2018-12-03] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} - C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll [2019-11-27] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb14 - {C854407F-AA78-4036-A9C1-54EBA9BD3608} - C:\Program Files (x86)\Intuit\QuickBooks 2021\HelpAsyncPluggableProtocol.dll [2021-10-11] (Intuit, Inc. -> Intuit, Inc.)
Handler: intu-help-qb15 - {0EEC9CBF-4C3D-45B3-9384-3C3CA3034A8B} - C:\Program Files\Intuit\QuickBooks 2022\HelpAsyncPluggableProtocol.dll [2021-11-10] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2022-02-07 13:33 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jotot_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1867227179-3748921823-2400054393-1327\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Set FUJIFILM PC AutoSave to stby.lnk"
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "Memeo Instant Backup"
HKLM\...\StartupApproved\Run32: => "Seagate Dashboard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Workspace Status"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Starfield Updater"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "wben"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "EPSDNMON"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FF2D9E81-6FBE-4D1D-80D2-2D32D2474550}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B8BA946F-60B4-4D31-A268-F5DD75524510}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74573347-C908-40D5-B900-0BD343885DEC}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{AB23CF5D-A715-4370-8C6A-80905AD5AB2A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{3B568426-690B-4464-AD48-2487343015F7}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{4DFC08BB-1163-4458-95CF-CA5D81E31CF3}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro, Inc. -> )
FirewallRules: [{78DFE748-E16E-4351-A2EC-3C7D1F398230}] => (Allow) LPort=54925
FirewallRules: [{548B3138-D2B7-420E-8910-100BBCB11CD2}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation) [File not signed]
FirewallRules: [UDP Query User{CE125F92-7108-4CFD-B605-6B054E29BCDA}C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [TCP Query User{11BD614B-D286-4893-B2BB-B92A4F4A01B1}C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{1B44FE03-4E15-43A5-AF74-CBFA6A60F585}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D54D2481-6900-4753-9B8D-1913455141FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{15BFB4BB-0E45-4D6B-B486-2A9B644BCAD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{117E393E-7828-4683-93C4-9ED39F522740}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F0640770-A0F9-403D-A5DD-37623F4DC05B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{839672FE-FF0D-4BA6-B1CC-7826AD29D75F}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{E5929727-7809-4324-A237-0FE101D81D93}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{39B58CAF-3780-43B3-9610-1823198930DA}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{4060716F-90F7-4835-BD7E-FAA1FD8F5870}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{4D35C7C8-CD43-4215-9782-21C8DD94901B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{BD34B93C-3052-4BA1-987C-2B6893993409}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2AB3B57E-00EE-4417-A442-C60A5272A580}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6624C76C-77A6-43FD-A285-1F7D52E4C196}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3416BE92-DD60-4E05-90C3-6E533D224042}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{21734E20-4A6D-4E73-A54B-BF6EF2289138}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{76482A60-BA93-4E05-9F43-154F2E4565B3}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{FC6A7572-476E-43C2-84C0-BF250A23C3F0}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1B4E26B3-F0EB-4180-91CB-E3B42DA575D7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{A588D94F-2ECB-4BB2-ADE7-BD0AEE41A2AD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{78887D19-6446-4EC4-9C01-936070B0FF73}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{38161695-ECA7-4E8E-B4F4-18C2BD1F9EB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00646EDB-64C6-4A97-A568-2BDE397828C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{026FD58A-174F-4E81-A1E1-3B63020A6080}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A325730-BB6F-4D45-873C-6EEF73A86DBB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D90C31F7-A721-483D-84E9-B8E6687D0F84}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7689F56-538F-4301-94E5-B5CFA4C69D94}] => (Allow) C:\Program Files\Intuit\QuickBooks 2022\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{AB3964C8-985F-4DC2-AB98-9CE736460B3E}] => (Allow) C:\Program Files\Intuit\QuickBooks 2022\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{4462C18C-833F-463E-8EE4-03053B54DAD6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14E9FB9D-BA55-4CDF-A1F6-5A6F21440675}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AFD93E6A-40BD-415A-A1A5-B3810A69BC71}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
07-02-2022 03:16:42 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/07/2022 09:48:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (02/06/2022 09:40:52 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (02/06/2022 09:25:00 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{885190b7-72f6-11e5-824c-806e6f6e6963}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (02/05/2022 01:48:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.2.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 64f4
 
Start Time: 01d81abebf3a6e8c
 
Termination Time: 4294967295
 
Application Path: C:\Users\jotot_000\Desktop\FRST64.exe
 
Report Id: 9780ac30-01a7-4418-b05e-fe06594992da
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Top level window is idle
 
Error: (02/05/2022 01:40:21 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: JOE)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
Error: (02/05/2022 01:40:21 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: JOE)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (02/05/2022 12:40:46 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {455704b7-b3bf-4a41-98f9-0e394dedb163}
 
Error: (02/05/2022 12:39:58 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {455704b7-b3bf-4a41-98f9-0e394dedb163}
 
 
System errors:
=============
Error: (02/06/2022 06:03:00 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/06/2022 06:03:00 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/06/2022 12:03:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/06/2022 12:03:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/05/2022 02:55:57 PM) (Source: DCOM) (EventID: 10010) (User: JOE)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
 
Error: (02/05/2022 11:15:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/05/2022 11:15:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (02/05/2022 04:51:00 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
 
Windows Defender:
================
Date: 2022-02-06 18:53:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-02-05 18:43:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-02-04 18:16:11
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-02-03 18:23:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-02-02 18:15:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-10-01 10:54:16
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-09-11 04:35:01
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A07 04/25/2014
Motherboard: Dell Inc. 06X1TJ
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 73%
Total physical RAM: 8100.18 MB
Available physical RAM: 2136.63 MB
Total Virtual: 13410.33 MB
Available Virtual: 4667.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:919.74 GB) (Free:599.92 GB) NTFS
 
\\?\Volume{885190b7-72f6-11e5-824c-806e6f6e6963}\ () (Fixed) (Total:11.73 GB) (Free:10.93 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A71DED74)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 24,699 posts
  • MVP

Did Firefox stop acting up before or after running the fixlist?

 

I'm not sure I trust your DNS service.  The address the fixlist got for Geekstogo is different from the one I get tho that might be because you are not in Florida.  I would manually set the DNS servers to 8.8.8.8 and 4.2.2.1 for a while and see if things work better.

 

https://www.hellotec...ver-windows-mac

 

DISM appears to have had trouble getting to the Microsoft website and took too long so SFC didn't get to run.  Let's run another fixlist with just SFC and a check of the DISM log.  (If you have run DISM several times the log can get so big that you will need to attach the fixlog instead of copy and paste.)  The fixlist will also check that your clock is set correctly since you are getting several TTL errors.

 

This one should take about 10 minutes and should not need to reboot.  Just download the fixlist and run FRST and hit Fix.  No need to rerun FRST scan.

 

Attached File  fixlist.txt   280bytes   147 downloads

 

 

 

 


  • 0

#5
need2no


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

I haven't been using Firefox since I ran Malwarebytes & SUPERAntiSpyware before receiving your assistance. Just tried it, seems to be working fine.

 

Fixlog too big - 15MB. Tried advanced uploader, still no luck. Any ideas for me?


  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 24,699 posts
  • MVP

I'll send you my email in a PM.  You can use https://wetransfer.com/

 

Click on the + and point it at the log file then fill in the rest of the info they want.

 

If you don't want to do that you can edit the file to delete all but the last log then it will hopefully fit.

If you look at the dism log part of the fixlog you will see that it is actually multiple runs stuck together.  This is the dividing line between two logs:

 

2022-02-06 15:14:59, Info                         CSetupFilesCleanup::Deactivate - session deactivated for Plugin:Windows Upgrade Log Files, Client Process:C:\WINDOWS\system32\cleanmgr.exe
(End of previous log)
2022-02-07 14:23:06, Info                  DISM   API: PID=11160 TID=1140 DismApi.dll:                                            - DismInitializeInternal
2022-02-07 14:23:06, Info                  DISM   API: PID=11160 TID=1140 DismApi.dll: <----- Starting DismApi.dll session -----> - DismInitializeInternal
(These two lines start each new log.  Note the date changes between the old log and the new.)

  • 0
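The trimming described in the post above (delete all but the last DISM log), sketched as an added example that is not part of the original thread. The marker text comes from the two quoted log lines; the function names, the file encoding and the first, second and last sample lines are assumptions made for illustration.

```python
import re
from pathlib import Path

# Marker text taken from the log lines quoted in the post above.
SESSION_START = "<----- Starting DismApi.dll session ----->"
# The line just before the marker: same DismApi.dll prefix, empty message.
PRELUDE = re.compile(r"DismApi\.dll:\s+- DismInitializeInternal\s*$")


def last_session_start(lines):
    """Return the index where the newest DISM session begins, or None."""
    for i in range(len(lines) - 1, -1, -1):
        if SESSION_START in lines[i]:
            # Both quoted lines start a log, so include the one before the marker.
            if i > 0 and PRELUDE.search(lines[i - 1]):
                return i - 1
            return i
    return None


def keep_last_session(lines):
    """Drop everything before the most recent DISM session."""
    start = last_session_start(lines)
    # No marker found: return the input untouched rather than guess.
    return list(lines) if start is None else list(lines[start:])


def trim_file(src, dst, encoding="utf-8-sig"):
    """Write a trimmed copy of src to dst; src itself is never modified.
    The encoding is an assumption; change it if the log opens garbled."""
    text = Path(src).read_text(encoding=encoding, errors="replace")
    kept = keep_last_session(text.splitlines())
    Path(dst).write_text("\n".join(kept) + "\n", encoding="utf-8")
    return len(kept)


# Constructed sample: lines 0, 1 and 5 are made up; lines 2-4 are the ones quoted above.
SAMPLE = [
    "2022-02-06 15:10:00, Info                  DISM   API: PID=1 TID=2 DismApi.dll:                                            - DismInitializeInternal",
    "2022-02-06 15:10:00, Info                  DISM   API: PID=1 TID=2 DismApi.dll: <----- Starting DismApi.dll session -----> - DismInitializeInternal",
    "2022-02-06 15:14:59, Info                         CSetupFilesCleanup::Deactivate - session deactivated for Plugin:Windows Upgrade Log Files, Client Process:C:\\WINDOWS\\system32\\cleanmgr.exe",
    "2022-02-07 14:23:06, Info                  DISM   API: PID=11160 TID=1140 DismApi.dll:                                            - DismInitializeInternal",
    "2022-02-07 14:23:06, Info                  DISM   API: PID=11160 TID=1140 DismApi.dll: <----- Starting DismApi.dll session -----> - DismInitializeInternal",
    "2022-02-07 14:23:07, Info                  DISM   API: PID=11160 TID=1140 (constructed trailing line)",
]
```

Writing the result to a new file keeps the full log available in case the earlier runs are needed later.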

#7
need2no


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Got it. Thanks!

 

Attached Files


  • 0





