
Laptop slowed right down [Solved]


  • This topic is locked

#1
dpwm


Hi, I hope you can help.

My laptop has really slowed down and it's crashing Adobe Photoshop and running really slow when a few programs are open. Chrome runs slowly most of the time now as well.

Many thanks in advance


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.07.2024
Ran by motti (administrator) on DARRELL-HP-SPEC (HP HP Spectre x360 Convertible 13-aw0xxx) (13-07-2024 16:44:24)
Running from C:\Users\motti\OneDrive\Desktop\FRST64.exe
Loaded Profiles: User & motti
Platform: Microsoft Windows 11 Home Version 23H2 22631.3880 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3>
(C:\Program Files (x86)\GoToMeeting\19992\g2mcomm.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToMeeting\19992\g2mlauncher.exe
(C:\Program Files (x86)\GoToMeeting\19992\g2mstart.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToMeeting\19992\g2mcomm.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe <6>
(C:\Users\motti\AppData\Local\1Password\app\8\1Password-BrowserSupport.exe ->) (Agilebits -> 1Password) C:\Users\motti\AppData\Local\1Password\app\8\1Password.exe <4>
(C:\Users\motti\OneDrive\Desktop\FRST64.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2405.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(cmd.exe ->) (Agilebits -> AgileBits, Inc.) C:\Users\motti\AppData\Local\1Password\app\8\1Password-BrowserSupport.exe <2>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_f28757245a4f2ef2\igfxCUIServiceN.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f28757245a4f2ef2\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\BridgeCommunication.exe <3>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <31>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <18>
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToMeeting\19992\g2mstart.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ) C:\Windows\SysWOW64\ElanTouchXiSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5260ddd49ca9ef3b\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f28757245a4f2ef2\igfxCUIServiceN.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_e860b467f6e0e00c\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7fce628e158be8d7\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Reallusion Inc. -> Reallusion.Inc) C:\Program Files (x86)\Common Files\Reallusion\RLHostService\RLHostService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21998.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21998.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.30.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [980496 2019-09-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4116912 2024-06-06] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [HPOneAgentService] => C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [1939472 2024-06-11] (HP Inc. -> HP Inc; HP Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2024-05-07] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9248144 2024-07-09] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [GoToMeetingInstall19992] => C:\Program Files (x86)\GoToMeeting\19992\G2MInstaller.exe [34872 2024-07-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194056 2024-06-11] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45629344 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CCleanerBrowserAutoLaunch_8D4CC1622ACB2D8CF3B8EA616AD9F228] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3171032 2024-07-03] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [electron.app.Loom] => C:\Users\motti\AppData\Local\Programs\Loom\Loom.exe [139767008 2022-04-28] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\motti\AppData\Local\Microsoft\Teams\Update.exe [2613704 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [MicrosoftEdgeAutoLaunch_2F00D187B1D9FA874EA7F713C90970C2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3883560 2024-07-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\motti\AppData\Local\WebEx\WebexHost.exe [8039008 2023-04-10] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [electron.app.BlueStacks Services] => C:\Users\motti\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-05-08] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [1Password] => C:\Users\motti\AppData\Local\1Password\app\8\1Password.exe [176788320 2024-07-10] (Agilebits -> 1Password)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [GoogleChromeAutoLaunch_9D886D343CA417F5BE314B99A95D3F56] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2795808 2024-06-22] (Google LLC -> Google LLC)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8523168 2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CiscoSpark] => C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1468 2024-07-13] () [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP CE11 Status Monitor: C:\WINDOWS\system32\hpinkstsCE11LM.dll [393352 2017-03-20] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\126.0.25558.127\Installer\chrmstp.exe [2024-07-12] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-26] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reallusion Hub.lnk [2023-01-31]
ShortcutTarget: Reallusion Hub.lnk -> C:\Program Files\Common Files\Reallusion\LiveUpdate\Reallusion Hub.exe (Reallusion Inc. -> Reallusion Inc.)
Startup: C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-06-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartRLCMS.lnk [2024-06-12]
ShortcutTarget: StartRLCMS.lnk -> C:\ProgramData\Reallusion\RLRunUtility.exe (Reallusion Inc. -> )
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {AA87FC4E-86AC-4307-B5B8-CBE36B0D9D5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1558984 2024-06-25] (Adobe Inc. -> Adobe Inc.)
Task: {283DF49F-A2A5-4115-B105-1806F846A437} - System32\Tasks\Adobe Creative Cloud => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1136560 2024-06-27] (Adobe Inc. -> Adobe Inc.)
Task: {8F70E18E-CE9D-4D2F-86BA-4B04639DC62B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4116912 2024-06-06] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2C91F788-322E-4BB6-AA1E-0ADFB1862E3F} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4454832 2024-06-06] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {97013843-FA2E-4BC7-9350-6DA0B50D360B} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-01-25] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {AA7A1856-9F21-4FF1-96BE-EC86D74084A4} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3171032 2024-07-03] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {4870C176-FE00-40B7-A6E9-EEEE3A1E6D29} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3171032 2024-07-03] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {F78F0C83-ACB0-486D-AA67-EEBE6E2B5969} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {49235ACF-5CB6-4D1B-A70E-A08AEF378983} - System32\Tasks\CCleanerBrowserProtectS-1-5-21-633662038-590885182-3186226141-1003 => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowserProtect.exe [1717416 2024-04-23] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {7EC982AC-22B7-40A0-B01B-EDDE84DA529B} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [39451552 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {6350A572-F37C-4D77-BBF0-157DBE407BE3} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5b736df5-b3b7-4f62-b89a-cfefa97e4f09" --version "6.25.11131" --silent
Task: {01D7E00B-9642-4604-B9D5-1489E429AAE7} - System32\Tasks\CCleanerSkipUAC - motti => C:\Program Files\CCleaner\CCleaner.exe [39451552 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {4024D1FC-4571-4F45-82B6-3C391E1EF381} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {A0EA4502-3DCA-4247-B2C5-A8B02C572750} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {BDED7DBD-92A8-4C28-AADB-ACA85E100435} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-04-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F204FC16-E047-4E30-A9D6-113F08BBE806} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-04-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AFEE6E1D-64BE-4F55-A95C-70084CA8DF7C} - System32\Tasks\G2MUpdateTask-AllUsers => C:\Program Files (x86)\GoToMeeting\19992\g2mupdate.exe [34872 2024-07-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A9A8AB5E-EDC8-4740-B651-E69220A017DF} - System32\Tasks\G2MUpdateTask-S-1-5-21-633662038-590885182-3186226141-1003 => C:\Program Files (x86)\GoToMeeting\19992\g2mupdate.exe [34872 2024-07-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {4EBC3AC7-6513-4295-9549-65A60300D909} - System32\Tasks\G2MUploadTask-S-1-5-21-633662038-590885182-3186226141-1003 => C:\Program Files (x86)\GoToMeeting\19992\g2mupload.exe [34872 2024-07-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {FDC39B0D-1C48-41D3-9336-AEFBDB6A5973} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{512A5718-D5C6-4340-BF90-419095B97671} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {B842348F-FBC7-48DF-8AB3-29EB1B6984FC} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-21] (HP Inc. -> HP Inc.)
Task: {E3122FC2-68E7-44FC-8211-546A173EAF60} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-21] (HP Inc. -> HP Inc.)
Task: {40739564-5E33-4948-B6F2-C84DC377C52A} - System32\Tasks\HPCustParticipation HP ENVY 5540 series => C:\Program Files\HP\HP ENVY 5540 series\Bin\HPCustPartic.exe [6438536 2017-03-27] (Hewlett Packard -> HP Inc.)
Task: {385005BB-EA9B-4396-85AC-509DFAF74C05} - System32\Tasks\HPOneAgentRepairTask => C:\ProgramData\Package Cache\{EC1ABEFA-64AF-46EC-B656-2BA6F30CB630}\HPOneAgent.exe [1169552 2024-07-11] (HP Inc. -> HP Inc.)
Task: {ADFC1E29-6B60-4E18-9828-FFA4B09C0C82} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512448 2024-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E64DD43-5498-4F33-BA4A-9147AAF96B9F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512448 2024-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {37F3DB52-9BF5-4A45-B463-E590C30B433F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {C52AADEF-447B-403E-88F3-4545A9EF31C8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E15372D8-A037-46C0-B0E9-355105D034E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169408 2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {0BF599E4-8B95-4394-B57C-ECF164CA654C} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\WINDOWS\system32\rundll32.exe [90112 2024-07-10] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {CF127EFA-2905-4E05-98AE-332725BFB03B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {FCCC0CB9-1325-4F5E-8AAA-C7C314E64B08} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe  Display (No File)
Task: {47C1635D-5418-4605-AAC8-9D8B72A239D9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {DEFC4DB6-85D3-45BC-A899-374F19E8FFD2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {A1D98CA3-4D86-4077-9640-BFD2C264F36D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B64C18B-60D7-4A8F-8402-1495DAE8E064} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {47A99ED8-B9A9-4BA1-8C4F-AEA865D39FB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B964E7C-3132-4EFA-B90C-500FD250590F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0132FCA1-1079-444F-98C6-E29002F12BE6} - System32\Tasks\Opera scheduled assistant Autoupdate 1614264413 => C:\Users\motti\AppData\Local\Programs\Opera\launcher.exe  -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\motti\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {D5DD3F8C-E639-4FE8-8C58-5AD1C5F9282B} - System32\Tasks\Opera scheduled Autoupdate 1614264411 => c:\users\motti\appdata\local\programs\opera\autoupdate\opera_autoupdate.exe  --scheduledtask --bypasslauncher $(Arg0) (No File)
Task: {41B320C0-D9D8-4417-9BCA-11A29B3341D0} - System32\Tasks\RLHub_SkipUac_motti => C:\Program Files\Common Files\Reallusion\LiveUpdate\Reallusion Hub.exe [1568008 2022-12-28] (Reallusion Inc. -> Reallusion Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-AllUsers.job => C:\Program Files (x86)\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-633662038-590885182-3186226141-1003.job => C:\Program Files (x86)\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-633662038-590885182-3186226141-1003.job => C:\Program Files (x86)\GoToMeeting\19992\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\2456C66756465627560275966496: [DhcpNameServer] 8.8.8.8 185.51.168.5
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\2496A737071636560245865616C6560234573747F6D65627: [DhcpNameServer] 10.0.22.254
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\2496A737071636560245865616C656027457563747: [DhcpNameServer] 10.0.100.254
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\34F63747160234F6666656560275966496: [DhcpNameServer] 88.215.61.255 88.215.63.255
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\359627F6E616: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\4416272756C6C6723702352303: [DhcpNameServer] 192.168.206.22
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\4425D454: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\4425D454: [DhcpDomain] home
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\44D4: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\84F6D6567596D26496: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\84F6D6567596D26496: [DhcpDomain] home
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\B4F6E6E6563647: [DhcpNameServer] 8.8.8.8 192.168.0.5
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\B4F6E6E6563647: [DhcpDomain] parkloyd.london
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E69616025374: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E6961602F46666963656: [DhcpNameServer] 10.40.16.11
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E6961602F46666963656: [DhcpDomain] OMNIA.LOCAL
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E69616D23547166666: [DhcpNameServer] 10.40.16.11
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E69616D23547166666: [DhcpDomain] OMNIA.LOCAL
Tcpip\..\Interfaces\{9387b233-62ed-49cd-b888-59a123360191}: [NameServer] 172.17.3.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-13]
Edge Notifications: Default -> hxxps://b.oataltaul.com; hxxps://calendar.google.com; hxxps://teams.microsoft.com; hxxps://web.whatsapp.com; hxxps://www.justarsenal.com; hxxps://www.youtube.com
Edge Extension: (Loom for Edge) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abeameknhmpmfegfbeioekonmhbmbpai [2022-09-03]
Edge Extension: (Property Tracker) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abgkpdjomdmemeefdefalbeogkmlmand [2022-09-03]
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-29]
Edge Extension: (Save to Pinterest) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkgoflemacdadndiohhdnphcmdhacabg [2024-07-06]
Edge Extension: (DuckDuckGo) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-07-13]
Edge Extension: (lock) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-06-23]
Edge Extension: (MozBar) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2022-09-03]
Edge Extension: (Project Naptha) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eckaechjaiiiffijigiigbhbfhelljmi [2022-09-03]
Edge Extension: (Meta Pixel Helper) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2024-03-06]
Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-19]
Edge Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-17]
Edge Extension: (Streak CRM for Gmail) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gjfnhcobilifnmokegginjeenmlmlccn [2024-07-13]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-07-06]
Edge Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2024-07-02]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-06-12]
Edge Extension: (Fontanello) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdlhfjlpaijjhklfadlhbbmpjfddkglc [2024-04-04]
Edge Extension: (Edge relevant text changes) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Gmail reverse conversation) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfgepjmmgamniaefbjlbacahkjjnjoaa [2023-08-02]
Edge Extension: (Similar Sites - Discover Related Websites) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2024-06-28]
Edge Extension: (Endole QuickView) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nfbbahbhaadfdhedpoifbamfdcfnflei [2022-09-03]
Edge Extension: (Clipt) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngpicahlgepngcpigiiebnheihgbaenh [2022-09-03]
Edge Extension: (PropertyData - Data, Info & Analysis) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nmgflehpkmokienojjgpbddklnedoonp [2024-04-04]
Edge Extension: (Scribe: AI Documentation, SOPs & Screenshots) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okfkdaglfjjjfefdcppliegebpoegaii [2024-07-10]
Edge Extension: (Vidyard - Screen Recorder & Screen Capture) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ollpphgpdfopboaicbijmelbeninibli [2024-07-06]
Edge Extension: (Lusha - Easily find B2B contact information) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pafckojojojjcjiimflfcchilgkeblcj [2024-06-28]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: svm6znfc.default
FF ProfilePath: C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\svm6znfc.default [2020-06-16]
FF ProfilePath: C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release [2024-07-13]
FF Notifications: Mozilla\Firefox\Profiles\bsh8s6mf.default-release -> hxxps://www.sunderlandecho.com
FF Extension: (YouTube Video Downloader/YouTube HD Download) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\[email protected] [2021-02-03]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-09-08]
FF Extension: (Music World Search) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\{2451ecb9-6260-4564-a546-8532f04b587a}.xpi [2021-02-03] [UpdateUrl:hxxps://addons.world-search.net/tsff/updates.json]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2023-05-06]
FF Extension: (FF Facebook Pixel Helper) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\{f78d2e9e-892f-43bf-8bd2-a79a85203a0b}.xpi [2021-12-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-05-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2024-06-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2024-06-27] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default [2024-07-13]
CHR Notifications: Default -> hxxps://app.hubspot.com; hxxps://calendar.google.com; hxxps://cm.zoho.eu; hxxps://crm.zoho.eu; hxxps://harbourclub.pushcrew.com; hxxps://mail.google.com; hxxps://property.mitula.co.uk; hxxps://saymineapp.com; hxxps://teams.microsoft.com; hxxps://web.whatsapp.com; hxxps://www.insta360.com; hxxps://www.loom.com; hxxps://www.upwork.com
CHR Extension: (lock) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeblfdkhhhdcdjpifhhbdiojplfjncoa [2024-06-21]
CHR Extension: (ColorZilla) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2024-05-29]
CHR Extension: (DuckDuckGo) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-06-21]
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-07-10]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-07-06]
CHR Extension: (MozBar) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2022-01-25]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-07-06]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-21]
CHR Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-12]
CHR Extension: (Save to Pinterest) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-07-06]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2024-07-06]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-06-12]
CHR Extension: (Fontanello) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlhfjlpaijjhklfadlhbbmpjfddkglc [2024-04-03]
CHR Extension: (Gmail reverse conversation) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgepjmmgamniaefbjlbacahkjjnjoaa [2023-08-03]
CHR Extension: (Loom – Screen Recorder & Screen Capture) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2024-07-10]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2024-07-13]
CHR Extension: (Endole QuickView) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfbbahbhaadfdhedpoifbamfdcfnflei [2020-07-30]
CHR Extension: (Clipt) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpicahlgepngcpigiiebnheihgbaenh [2022-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Scribe: AI Documentation, SOPs & Screenshots) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfkdaglfjjjfefdcppliegebpoegaii [2024-07-10]
CHR Extension: (Streak CRM for Gmail) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2024-07-13]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-07-13]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-07-13]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-03-27]
CHR Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-06]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-07-13]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-27]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-07-13]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-31]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-31]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\System Profile [2024-07-13]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-633662038-590885182-3186226141-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable [2024-07-13]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-05-05]
OPR Extension: (Opera Wallet) - C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-05-05]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-10-30]
OPR Extension: (Opera AI Prompts) - C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable\Extensions\mljbnbeedpkgakdchcmfapkjhfcogaoc [2023-05-05]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-06-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944048 2024-06-27] (Adobe Inc. -> Adobe Inc.)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\126.0.25558.127\elevation_service.exe [1773360 2024-07-03] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-21] (Microsoft Corporation -> Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-04-08] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-04-08] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-07-09] (Dropbox, Inc -> Dropbox, Inc.)
S4 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\203.4.4857\DropboxElevationService.exe [1659288 2024-07-09] (Dropbox, Inc -> Dropbox, Inc.)
R2 ElanTouchXiSvc; C:\WINDOWS\SysWOW64\ElanTouchXiSvc.exe [560864 2022-12-19] (ELAN MICROELECTRONICS CORPORATION -> )
S4 hp-one-agent-service; C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [1939472 2024-06-11] (HP Inc. -> HP Inc; HP Development Company, L.P.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\AppHelperCap.exe [928312 2024-06-15] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\DiagsCap.exe [926672 2024-06-15] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\NetworkCap.exe [922576 2024-06-15] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-06-21] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\SysInfoCap.exe [927800 2024-06-15] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_5260ddd49ca9ef3b\AS\IAS\IntelAudioService.exe [412152 2022-10-24] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8895072 2024-06-16] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-25] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 RLHostService; C:\Program Files (x86)\Common Files\Reallusion\RLHostService\RLHostService.exe [285008 2022-01-13] (Reallusion Inc. -> Reallusion.Inc)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256856 2023-08-16] (Intel Corporation -> Intel Corporation)
S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [140424 2024-04-19] (TunnelBear (McAfee Canada ULC) -> TunnelBear)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\motti\AppData\Roaming\Zoom"
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AX88179A; C:\WINDOWS\System32\DriverStore\FileRepository\axusbeth.inf_amd64_00da554e0fe424fd\AxUsbEth.sys [168048 2024-06-11] (WDKTestCert asix,133111579530933026 -> ASIX Electronics Corp.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2024-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218608 2024-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-06] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221136 2024-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl2ef044ff; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36886096-872B-457C-90A7-FBE8989FF402}\MpKslDrv.sys [271640 2024-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsld09cbaa0; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [222464 2023-10-02] (Microsoft Windows -> Microsoft Corporation)
S3 polarbear-split-tunneling; C:\Program Files (x86)\TunnelBear\Drivers\x64\SplitTunnelingDriver.sys [29176 2023-07-10] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2020-11-14] (TunnelBear, Inc. -> The OpenVPN Project)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2023-11-14] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2022-10-21] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-13 16:42 - 2024-07-13 16:44 - 000060118 _____ C:\Users\motti\OneDrive\Desktop\Addition.txt
2024-07-13 16:41 - 2024-07-13 16:44 - 000053070 _____ C:\Users\motti\OneDrive\Desktop\FRST.txt
2024-07-13 16:41 - 2024-07-13 16:44 - 000000000 ____D C:\FRST
2024-07-13 16:38 - 2024-07-13 16:38 - 002395648 _____ (Farbar) C:\Users\motti\OneDrive\Desktop\FRST64.exe
2024-07-13 13:34 - 2024-07-13 13:34 - 000001460 _____ C:\Users\motti\OneDrive\Desktop\Webex.lnk
2024-07-13 13:34 - 2024-07-13 13:34 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex
2024-07-13 13:31 - 2024-07-13 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom
2024-07-13 13:31 - 2024-07-13 13:31 - 000000000 ____D C:\Program Files\Zoom
2024-07-13 13:31 - 2024-07-13 13:31 - 000000000 ____D C:\Program Files\Common Files\Zoom
2024-07-13 13:11 - 2024-07-13 13:36 - 000000546 _____ C:\WINDOWS\Tasks\G2MUpdateTask-AllUsers.job
2024-07-13 13:11 - 2024-07-13 13:11 - 000003634 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-AllUsers
2024-07-13 13:11 - 2024-07-13 13:11 - 000000000 ____D C:\Program Files (x86)\GoToMeeting
2024-07-13 13:10 - 2024-07-13 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2024-07-13 13:10 - 2024-07-13 13:10 - 000000000 ____D C:\Program Files\nodejs
2024-07-13 13:08 - 2024-07-13 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2024-07-12 15:32 - 2024-07-12 15:32 - 002170904 _____ C:\Users\motti\Downloads\screencapture-lagonda-maskalls-co-uk-2024-07-12-15_31_52.pdf
2024-07-12 09:46 - 2024-07-12 09:51 - 000000000 ___HD C:\$WinREAgent
2024-07-12 09:42 - 2024-07-12 09:42 - 000050997 _____ C:\Users\motti\Downloads\Invoice INV-01280.pdf
2024-07-11 08:49 - 2024-07-11 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-07-10 13:12 - 2024-07-10 13:12 - 000077710 _____ C:\Users\motti\Downloads\Omnia_Outsourcing_Limited_-_Omnia_Monthly_Management_Reporting_Pack_-_Update_North_South (3).xlsx
2024-07-10 12:56 - 2024-07-10 12:56 - 000066300 _____ C:\Users\motti\Downloads\Omnia_Outsourcing_Limited_-_Omnia_Monthly_Management_Reporting_Pack_- May 24 - DRAFT.xlsx
2024-07-10 10:28 - 2024-07-10 10:28 - 000000000 ____D C:\ProgramData\bst_boost_interprocess
2024-07-10 10:28 - 2024-07-10 10:27 - 000007160 _____ C:\Users\motti\-1.14-windows.xml
2024-07-10 10:27 - 2024-07-10 10:28 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2024-07-10 10:27 - 2024-07-10 10:27 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2024-07-10 01:59 - 2024-07-10 01:59 - 000025684 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-10 01:58 - 2024-07-10 01:58 - 000025684 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-07-09 15:46 - 2024-07-09 15:46 - 000155801 _____ C:\Users\motti\Downloads\RE_ Let's complete your virtual office onboarding – Omnia Outsourcing _ Sirona Medical Ltd.zip
2024-07-09 12:02 - 2024-07-09 12:02 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-07-08 18:28 - 2024-07-08 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2024-07-08 10:52 - 2024-07-08 10:52 - 000000482 _____ C:\Users\motti\OneDrive\Desktop\DM director.txt
2024-07-05 15:19 - 2024-07-05 15:19 - 005229224 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw10.sys
2024-07-05 15:19 - 2024-07-05 15:19 - 001496120 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter10.dll
2024-07-05 09:19 - 2024-07-05 09:23 - 002662212 _____ C:\Users\motti\Downloads\O076 - Let Eng Accts and Tax 2023 (1).pdf
2024-07-03 18:03 - 2024-07-03 18:03 - 000110961 _____ C:\Users\motti\Downloads\R M Beckett.pdf
2024-07-03 16:57 - 2024-07-03 16:58 - 004014701 _____ C:\Users\motti\Downloads\jpg-pdf-1.zip
2024-07-02 15:13 - 2024-07-02 15:13 - 000193031 _____ C:\Users\motti\Downloads\Three Business Agreement for OMNIA BACK OFFICE LIMITED.pdf
2024-07-01 14:38 - 2024-07-01 15:14 - 000000000 ____D C:\Users\motti\OneDrive\Desktop\Jon K KC
2024-07-01 13:34 - 2024-07-12 09:26 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop (Beta).lnk
2024-06-30 11:29 - 2024-06-30 11:29 - 000131242 _____ C:\Users\motti\Downloads\return-label.pdf
2024-06-28 13:37 - 2024-06-28 13:47 - 000000957 _____ C:\Users\motti\Downloads\[email protected]
2024-06-27 16:10 - 2024-06-28 16:46 - 000007715 _____ C:\Users\motti\Downloads\Trevor.txt
2024-06-27 15:38 - 2024-06-27 15:38 - 000000000 ____D C:\Users\motti\Downloads\Vaishvick Law
2024-06-27 15:27 - 2024-06-27 15:27 - 000000000 ____D C:\Users\motti\Downloads\asw
2024-06-27 12:20 - 2024-06-27 12:20 - 000102171 _____ C:\Users\motti\Downloads\20240517 Schedule 36 Notice-1.pdf
2024-06-27 12:19 - 2024-06-27 12:19 - 000078333 _____ C:\Users\motti\Downloads\Schedule of information.pdf
2024-06-27 12:11 - 2024-06-27 12:11 - 000135413 _____ C:\Users\motti\Downloads\Fwd_ Draft agreement for Omnia 'payroll' contract.eml
2024-06-25 16:47 - 2024-06-25 16:47 - 000475884 _____ C:\Users\motti\OneDrive\Desktop\Investec Capital Solutions - Credit Search Declaration.pdf
2024-06-21 15:41 - 2024-06-21 15:41 - 000996819 _____ C:\Users\motti\OneDrive\Desktop\self assessment.pdf
2024-06-20 11:30 - 2024-06-20 11:30 - 000053275 _____ C:\Users\motti\Downloads\statement-2023-December.pdf
2024-06-20 10:15 - 2024-06-20 10:15 - 029359096 _____ C:\Users\motti\Downloads\OmniaSirona Compliance 2024 .pdf
2024-06-18 12:55 - 2024-06-18 12:55 - 000873336 _____ C:\Users\motti\OneDrive\Desktop\Omnia Cash Flow Model 2024 05 14 cash flow forecast for 1 year V4.xlsx
2024-06-17 15:39 - 2024-06-17 15:39 - 017101472 _____ C:\Users\motti\Downloads\darrell.pdf
2024-06-17 14:40 - 2024-06-17 14:40 - 000137393 _____ C:\Users\motti\OneDrive\Desktop\GEN1500W - Pensions Declaration Document.docx.pdf
2024-06-17 09:55 - 2024-06-17 09:55 - 000036809 _____ C:\Users\motti\Downloads\Invoice_9269_from_Autism_Berkshire.pdf
2024-06-13 21:18 - 2024-06-13 21:18 - 000661468 _____ C:\Users\motti\Downloads\595978574.pdf
2024-06-13 21:15 - 2024-06-13 21:15 - 000013198 _____ C:\Users\motti\Downloads\Omnia_Outsourcing_Limited_-_Cynergy_-_Sales_Day_Book (2).xlsx
2024-06-13 15:56 - 2024-06-13 15:56 - 001345441 _____ C:\Users\motti\Downloads\O076 - Let Eng Accts and Tax 2023.pdf
2024-06-13 15:49 - 2024-06-13 15:49 - 000127272 _____ C:\Users\motti\Downloads\eticket QYMKNC.pdf
2024-06-13 14:26 - 2024-06-13 14:26 - 000050657 _____ C:\Users\motti\Downloads\Invoice INV-01277.pdf
2024-06-13 11:46 - 2024-06-13 11:46 - 000372851 _____ C:\Users\motti\Downloads\240149.pdf
2024-06-13 10:10 - 2024-06-13 10:10 - 000234893 _____ C:\Users\motti\Downloads\Omnia_Outsourcing_Limited_-_Cynergy_-_Debtor_Receipts - Cynergy Approved Transfers - May 2024 (1).xlsx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-13 16:44 - 2022-10-12 09:59 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-07-13 16:44 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-07-13 16:44 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-07-13 16:40 - 2023-05-05 16:21 - 000000000 ____D C:\Users\motti\AppData\Local\Malwarebytes
2024-07-13 15:39 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-13 15:38 - 2024-01-22 20:30 - 000000000 ____D C:\Users\motti\AppData\Roaming\1Password
2024-07-13 15:36 - 2022-10-12 09:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-07-13 15:36 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-13 13:49 - 2022-02-10 01:18 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-13 13:48 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-13 13:48 - 2020-06-09 19:20 - 000000000 ____D C:\Users\motti\AppData\Local\Packages
2024-07-13 13:48 - 2020-05-11 08:46 - 000000000 ____D C:\ProgramData\Packages
2024-07-13 13:44 - 2022-10-12 10:03 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-07-13 13:43 - 2020-08-27 18:16 - 000000000 ____D C:\Program Files\CCleaner
2024-07-13 13:37 - 2022-10-12 09:59 - 000003808 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-633662038-590885182-3186226141-1003
2024-07-13 13:37 - 2022-10-12 09:59 - 000003712 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-633662038-590885182-3186226141-1003
2024-07-13 13:37 - 2020-08-06 11:23 - 000000642 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-633662038-590885182-3186226141-1003.job
2024-07-13 13:37 - 2020-08-06 11:23 - 000000546 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-633662038-590885182-3186226141-1003.job
2024-07-13 13:37 - 2020-07-01 14:27 - 000000000 ____D C:\Users\motti\AppData\Roaming\Zoom
2024-07-13 13:36 - 2024-04-08 12:57 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2024-07-13 13:36 - 2024-04-08 12:57 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2024-07-13 13:36 - 2023-01-31 19:32 - 000000000 ____D C:\ProgramData\Reallusion
2024-07-13 13:36 - 2022-12-15 14:28 - 000000280 _____ C:\WINDOWS\Tasks\CCleanerClean.job
2024-07-13 13:36 - 2022-10-12 09:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-07-13 13:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-07-13 13:36 - 2021-03-16 19:55 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-13 13:36 - 2020-06-09 19:20 - 000000000 __SHD C:\Users\motti\IntelGraphicsProfiles
2024-07-13 13:36 - 2020-05-11 08:46 - 000000000 ____D C:\Intel
2024-07-13 13:35 - 2024-04-08 12:57 - 000003512 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2024-07-13 13:35 - 2024-04-08 12:57 - 000003288 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2024-07-13 13:35 - 2023-09-27 16:01 - 000000000 ____D C:\Users\motti\AppData\Roaming\bluestacks-services
2024-07-13 13:35 - 2022-10-12 09:59 - 000002532 _____ C:\WINDOWS\system32\Tasks\Adobe Creative Cloud
2024-07-13 13:35 - 2022-10-12 09:54 - 000000000 ____D C:\Users\motti
2024-07-13 13:35 - 2022-05-07 06:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-07-13 13:28 - 2020-07-17 09:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-13 13:15 - 2023-09-27 16:01 - 000003014 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2024-07-13 13:15 - 2023-07-06 15:01 - 000002568 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2024-07-13 13:15 - 2022-10-12 09:59 - 000003914 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1614264413
2024-07-13 13:15 - 2022-10-12 09:59 - 000003720 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1614264411
2024-07-13 13:15 - 2022-10-12 09:59 - 000002656 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2024-07-13 13:14 - 2024-01-25 10:27 - 000002814 _____ C:\WINDOWS\system32\Tasks\HPOneAgentRepairTask
2024-07-13 13:14 - 2022-12-15 14:28 - 000003120 _____ C:\WINDOWS\system32\Tasks\CCleanerClean
2024-07-13 13:10 - 2023-03-16 13:16 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-07-13 13:10 - 2023-03-16 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-07-13 13:10 - 2023-03-16 13:16 - 000000000 ____D C:\Program Files\WinRAR
2024-07-13 13:08 - 2023-04-23 18:20 - 000000000 ____D C:\Program Files\Git
2024-07-13 13:08 - 2020-06-10 13:10 - 000000000 ____D C:\ProgramData\Package Cache
2024-07-13 13:06 - 2023-07-07 23:50 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2024-07-13 13:06 - 2023-07-07 23:50 - 000000000 ____D C:\Program Files\Audacity
2024-07-13 13:06 - 2022-02-04 15:11 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-07-13 10:39 - 2023-01-14 14:02 - 2123291648 _____ C:\Users\motti\AppData\Local\SageThumbs.db3
2024-07-13 09:30 - 2022-10-19 05:18 - 000000000 ____D C:\WINDOWS\Minidump
2024-07-13 09:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-07-13 09:30 - 2020-11-23 10:21 - 000000000 ____D C:\Users\motti\AppData\Local\CrashDumps
2024-07-13 09:25 - 2024-04-08 12:58 - 000000000 ____D C:\Users\motti\AppData\Roaming\Dropbox
2024-07-13 09:25 - 2024-04-08 12:58 - 000000000 ____D C:\Users\motti\AppData\Local\Dropbox
2024-07-13 03:01 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-07-13 01:50 - 2023-03-30 18:47 - 000001575 _____ C:\WINDOWS\system32\config\VSMIDK
2024-07-13 01:48 - 2022-10-12 09:53 - 000643408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-07-13 01:46 - 2023-12-15 04:24 - 000000000 ____D C:\WINDOWS\InboxApps
2024-07-13 01:46 - 2023-10-13 03:27 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-07-13 01:46 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-07-12 20:47 - 2020-06-10 12:53 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\Word
2024-07-12 17:39 - 2022-10-12 09:59 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1BB2B7B1-C839-4CF8-8958-D022F9BE0E67}
2024-07-12 14:45 - 2021-02-21 13:31 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2024-07-12 14:45 - 2021-02-21 13:31 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2024-07-12 09:57 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-07-12 09:26 - 2023-08-04 09:39 - 000000000 ___HD C:\adobeTemp
2024-07-12 09:25 - 2020-06-10 13:09 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-07-12 09:24 - 2022-10-12 09:59 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-12 09:24 - 2022-10-12 09:59 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-11 14:26 - 2020-06-09 19:37 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\Excel
2024-07-11 08:49 - 2024-04-08 12:57 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-07-10 10:27 - 2024-03-14 14:54 - 000000000 ____D C:\Users\motti\AppData\Local\BlueStacks X
2024-07-10 10:27 - 2023-09-27 15:59 - 000000000 ____D C:\Users\motti\AppData\Local\Bluestacks
2024-07-10 09:14 - 2024-01-22 20:30 - 000001352 _____ C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Password.lnk
2024-07-10 09:14 - 2024-01-22 20:30 - 000000000 ____D C:\Users\motti\AppData\Local\1Password
2024-07-10 01:59 - 2022-10-12 09:54 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-07-10 01:41 - 2020-05-11 08:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-07-10 01:35 - 2020-05-11 08:52 - 194135240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-07-09 17:47 - 2024-01-30 14:29 - 000000000 ____D C:\Users\motti\OneDrive\Desktop\158
2024-07-08 18:28 - 2023-03-16 11:51 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2024-07-08 09:19 - 2020-06-10 13:07 - 000000000 ____D C:\Users\motti\AppData\Local\D3DSCache
2024-07-06 20:14 - 2024-02-27 15:38 - 005108725 _____ C:\Users\motti\OneDrive\Desktop\BlueStacks-Support.7z
2024-07-06 20:12 - 2024-05-17 19:43 - 000002169 _____ C:\Users\motti\OneDrive\Desktop\TeamStreamsSmartersQV2.lnk
2024-07-06 20:12 - 2023-09-27 16:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-07-06 08:39 - 2022-03-22 12:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-07-05 09:21 - 2024-01-12 10:24 - 000000000 __RHD C:\Users\motti\Creative Cloud Files
2024-07-02 09:52 - 2022-11-17 10:48 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-07-02 09:34 - 2020-05-11 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2024-07-01 23:26 - 2022-10-12 09:59 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-633662038-590885182-3186226141-1003
2024-07-01 23:26 - 2022-10-12 09:59 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-633662038-590885182-3186226141-1003
2024-07-01 23:26 - 2021-09-28 14:22 - 000000000 ___RD C:\Users\motti\Ambasco
2024-07-01 23:26 - 2021-03-16 19:56 - 000002379 _____ C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-07-01 22:55 - 2022-11-17 10:48 - 000003378 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-07-01 22:55 - 2022-10-12 09:59 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-07-01 13:34 - 2020-06-10 13:09 - 000000000 ____D C:\Program Files\Adobe
2024-07-01 13:33 - 2020-06-10 13:10 - 000000000 ____D C:\ProgramData\Adobe
2024-06-30 23:14 - 2020-06-09 19:27 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-29 10:23 - 2022-10-13 10:24 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-06-29 10:23 - 2022-10-13 10:24 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-06-27 08:22 - 2023-03-01 19:25 - 000001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2024-06-27 08:22 - 2020-06-10 13:09 - 000000000 ____D C:\Program Files (x86)\Adobe
2024-06-26 20:25 - 2020-06-09 19:58 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-26 17:49 - 2020-09-17 13:45 - 000000000 ____D C:\Users\motti\AppData\Roaming\vlc
2024-06-21 16:25 - 2023-05-17 10:01 - 000000000 ____D C:\Program Files (x86)\Razer
2024-06-21 05:13 - 2022-10-12 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-06-17 10:37 - 2023-10-08 10:40 - 000010720 _____ C:\Users\motti\OneDrive\Desktop\Front Garden.xlsx
2024-06-14 17:31 - 2020-09-24 11:56 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\PowerPoint
2024-06-13 12:06 - 2024-04-08 13:01 - 000000000 ___RD C:\Users\motti\Dropbox
 
==================== Files in the root of some directories ========
 
2023-09-22 09:19 - 2023-09-25 09:47 - 000001456 _____ () C:\Users\motti\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-08-04 16:31 - 2022-08-04 23:21 - 000000457 _____ () C:\Users\motti\AppData\Local\kdeglobals
2022-08-04 16:29 - 2022-08-04 16:29 - 000008337 _____ () C:\Users\motti\AppData\Local\kdenlive-layoutsrc
2022-08-04 16:29 - 2022-08-10 12:44 - 000005364 _____ () C:\Users\motti\AppData\Local\kdenliverc
2020-06-10 13:10 - 2020-06-10 13:10 - 000000410 _____ () C:\Users\motti\AppData\Local\oobelibMkey.log
2022-08-04 16:31 - 2022-08-04 16:31 - 000000856 _____ () C:\Users\motti\AppData\Local\recently-used.xbel
2020-06-30 10:05 - 2020-06-30 10:05 - 000007605 _____ () C:\Users\motti\AppData\Local\Resmon.ResmonCfg
2023-01-14 14:02 - 2024-07-13 10:39 - 2123291648 _____ () C:\Users\motti\AppData\Local\SageThumbs.db3
2022-08-04 16:29 - 2022-08-04 16:29 - 000006414 _____ () C:\Users\motti\AppData\Local\user-places.xbel
2022-08-04 16:29 - 2022-08-04 16:29 - 000005733 _____ () C:\Users\motti\AppData\Local\user-places.xbel.bak
2022-08-04 16:29 - 2022-08-04 16:29 - 000000000 _____ () C:\Users\motti\AppData\Local\user-places.xbel.tbcache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.07.2024
Ran by motti (13-07-2024 16:45:20)
Running from C:\Users\motti\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3880 (X64) (2022-10-12 08:59:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-633662038-590885182-3186226141-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-633662038-590885182-3186226141-503 - Limited - Disabled)
Guest (S-1-5-21-633662038-590885182-3186226141-501 - Limited - Disabled)
motti (S-1-5-21-633662038-590885182-3186226141-1003 - Administrator - Enabled) => C:\Users\motti
User (S-1-5-21-633662038-590885182-3186226141-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-633662038-590885182-3186226141-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Password (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\1Password) (Version: 8.10.36 - AgileBits Inc.)
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 24.002.20895 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.3.0.207 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.5.0.43 - Adobe Inc.)
Adobe Photoshop (Beta) (HKLM-x32\...\PHSPBETA_25_12) (Version: 25.12.0.2694 - Adobe Inc.)
Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_7_4) (Version: 24.7.4.1251 - Adobe Inc.)
Adobe Photoshop 2024 (HKLM-x32\...\PHSP_25_9_1) (Version: 25.9.1.626 - Adobe Inc.)
Adobe Premiere Rush (HKLM-x32\...\RUSH_2_10) (Version: 2.10 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Asana (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Asana) (Version: 1.5.1 - Asana, Inc.)
Audacity 3.5.1 (HKLM\...\Audacity_is1) (Version: 3.5.1 - Audacity Team)
BAND 1.10.5 (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\8eaa3f09-bcc8-5716-a0a9-0da1609a4d5b) (Version: 1.10.5 - BAND)
Bing Wallpaper (HKLM-x32\...\{980089C2-9D7D-4438-8DAF-C695E82DF18D}) (Version: 1.0.9.8 - Microsoft Corporation)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.20.101.1002 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\BlueStacks X) (Version: 10.10.6.1001 - now.gg, Inc.)
Bria (HKLM-x32\...\{0E0D7094-BA64-4B0A-A8ED-E19FB83EE0FF}) (Version: 64.10.6814 - CounterPath Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 6.25 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 126.0.25558.127 - Gen Digital Inc.)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
Cisco Webex Meetings (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\ActiveTouchMeetingClient) (Version: 42.10.5 - Cisco Webex LLC)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 203.4.4857 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.911.1 - Dropbox, Inc.) Hidden
Git (HKLM\...\Git_is1) (Version: 2.45.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKLM-x32\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
GoToMeeting 10.20.19992 (HKLM-x32\...\{B3E0462A-A4C7-4489-B59A-21AC8EBD07D5}) (Version: 10.20.19992 - LogMeIn) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5540 series Basic Device Software (HKLM\...\{7F9C00D2-32F6-4844-AC17-290D5F06F186}) (Version: 40.11.1119.1786 - HP Inc.)
HP ENVY 5540 series Help (HKLM-x32\...\{3B1BE080-D477-4B94-AAE4-8B0BEC5D0CE3}) (Version: 35.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP One Agent (HKLM\...\{E3D1BCBD-5AC3-4D4A-B9BA-E7327F321336}) (Version: 1.1.0.55997 - HP Inc.) Hidden
HP One Agent (HKLM\...\{EC1ABEFA-64AF-46EC-B656-2BA6F30CB630}) (Version: 1.1.0.55997 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
ImagenAI 23.1.8-793 (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\3a7b72c3-feff-552b-ab36-a4bfabbea3cf) (Version: 23.1.8-793 - Imagen)
kdenlive (HKLM-x32\...\kdenlive) (Version: 22.04.3 - KDE e.V.)
LetsView V1.1.4.5 (HKLM-x32\...\{6AA74BE4-9506-4D81-A07C-A40F883C2EA7}_is1) (Version: 1.1.4.5 - LetsView LIMITED)
Loom 0.126.0 (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.126.0 - Loom, Inc.)
Malwarebytes version 5.1.5.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.5.116 - Malwarebytes)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.17726.20126 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\{51DBE763-E9CF-3A77-85F1-F674E025313E}) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.87 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-633662038-590885182-3186226141-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Teams) (Version: 1.7.00.6058 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.14501 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Debug Runtime - 14.29.30139 (HKLM\...\{A6BCA173-4218-4099-B36C-E12B3EE27B5D}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Debug Runtime - 14.29.30139 (HKLM-x32\...\{3521C75E-6E25-47A6-9831-17EE6AAF01E2}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.5.2150.18781 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{6F35042F-F35C-4339-B757-1B9F13C502DA}) (Version: 3.5.2150.18781 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{F59F32AE-45B5-43EF-B96A-6BF21A97021A}) (Version: 3.5.2150.18781 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{FF820EDB-79A3-49B1-AFA0-7E2CD4090AA1}) (Version: 18.20.4 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.6.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Product Improvement Study for HP ENVY 5540 series (HKLM\...\{9E4F436B-5B50-4D84-954A-5C8A18CEB836}) (Version: 40.11.1119.1786 - HP Inc.)
Python 3.11.3 (64-bit) (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\{c6a7d2cb-61ea-4f5e-bc56-95faa938bacf}) (Version: 3.11.3150.0 - Python Software Foundation)
Python 3.11.3 Add to Path (64-bit) (HKLM\...\{9EB782CC-B2A5-4B67-BFEC-C91F5B755CAF}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Core Interpreter (64-bit) (HKLM\...\{611F1238-29A9-495F-B1F4-CFFCC98D9421}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Development Libraries (64-bit) (HKLM\...\{D307D056-AF62-4F53-810E-052AAAF0EFB2}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Documentation (64-bit) (HKLM\...\{25DC2A6F-FDC2-40D0-AA9D-3BF392BDF500}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Executables (64-bit) (HKLM\...\{A2BCB6C1-272D-437F-A5BC-92431FC521B4}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 pip Bootstrap (64-bit) (HKLM\...\{55BEEF7A-9288-497D-B5CE-960D2F3C70A3}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Standard Library (64-bit) (HKLM\...\{0D289858-69D1-4CB6-946E-659F028DDC27}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Tcl/Tk Support (64-bit) (HKLM\...\{C321A7FC-E479-4E2A-AA09-2698EFEA4CA3}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Test Suite (64-bit) (HKLM\...\{BA9ABB78-751C-4488-80A9-60E44290C060}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Utility Scripts (64-bit) (HKLM\...\{5BF6CA5B-E057-413A-B87A-CCD47600E465}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C41DB702-D72D-40F4-A2B3-5BAC2DCA2DF2}) (Version: 3.11.3150.0 - Python Software Foundation)
Reallusion Hub (HKLM-x32\...\{CFF2760B-B727-4717-8635-5D668A0C9C4F}) (Version: 5.0.1228.1 - Reallusion Inc. )
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
Screaming Frog SEO Spider (HKLM\...\Screaming Frog SEO Spider) (Version: 16.1 - Screaming Frog Ltd)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Stremio (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Stremio) (Version: 4.4.159 - Smart Code Ltd)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.9267 - Microsoft Corporation)
TunnelBear (HKLM-x32\...\{59023481-7539-4FCB-8FA3-FF3459026EF4}) (Version: 4.9.3.0 - TunnelBear) Hidden
TunnelBear (HKLM-x32\...\{a3009a1b-131b-45d6-be90-2fb6f2f2d6f3}) (Version: 4.9.3.0 - TunnelBear)
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
vcpp_crt.redist.clickonce (HKLM-x32\...\{09184AC0-ACEE-44D5-95F2-05EE6D27A5E8}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Visual Studio Build Tools 2019 (HKLM-x32\...\188f620a) (Version: 16.11.26 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
Webex (HKLM\...\{6B6748ED-A496-5575-87CD-113C4F3C0FC4}) (Version: 44.7.0.30141 - Cisco Systems, Inc)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
Zoom Workplace (64-bit) (HKLM\...\{C82F8B71-F488-43D0-8637-56A6E6C1D95B}) (Version: 6.1.41705 - Zoom)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-02-16] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC [2024-06-29] ()
Adobe Acrobat DC -> C:\Program Files (x86)\Adobe\Acrobat DC [2024-06-29] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc [2024-05-16] (Adobe Systems Incorporated)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.XD_57.1.12.2_x64__pc75e8sa7ep4e [2024-05-07] (Adobe Inc.)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-02] (AMZN Mobile LLC.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-14] (INTEL CORP) [Startup Task]
AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2023-10-14] (INTEL CORP)
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.5.189.0_x64__v10z8vjag6ke6 [2024-07-12] (HP Inc.)
CompuClever ITHMB Viewer -> C:\Program Files\WindowsApps\D5BE6627.CompuCleverITHMBViewer_2.5.18.0_x64__9pm2v9747qaaa [2022-03-23] (CompuClever Systems Inc.) [MS Ad]
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2024-07-11] (Dropbox Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-07-12] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.2.1075.0_x64__v10z8vjag6ke6 [2024-06-28] (HP Inc.)
Ink.Handwriting.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-GB.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-29] (Microsoft Corporation)
Ink.Handwriting.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-GB.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2023-11-29] (Microsoft Corporation)
Ink.Handwriting.Main.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-GB.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-29] (Microsoft Corporation)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-04-05] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-06] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.)
Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24165.1414.2987.41_x64__8wekyb3d8bbwe [2024-07-12] (Microsoft) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-06-01] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24061.40.0_x64__cw5n1h2txyewy [2024-07-03] (Microsoft Windows) [Startup Task]
Notepad++ -> C:\Program Files (x86)\Notepad++\contextMenu [2024-07-13] (Notepad++)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.3017.0_x64__8wekyb3d8bbwe [2024-07-09] (Microsoft Corporation) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-01-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.7.0.0_x86__fxme7667cy4q4 [2024-03-16] (Ricoh Company, Ltd.)
Speech Pack - English (United Kingdom) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-GB.1_1.0.7.0_x64__cw5n1h2txyewy [2024-05-25] (Microsoft Windows)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm [2024-06-21] (WhatsApp Inc.) [Startup Task]
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.)
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-04-25] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-13] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2024-07-13] (win.rar GmbH)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2021-06-03] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{04271989-C4D2-764C-C5A5-7D14797A435B} -> [Ambasco] => C:\Users\motti\Ambasco [2021-09-28 14:22]
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B0BAEC2A2C01} -> [Creative Cloud Files Personal Account [email protected] AD2250B64F47619B0A490D4D@AdobeID] => C:\Users\motti\Creative Cloud Files Personal Account [email protected] AD2250B64F47619B0A490D4D@AdobeID [2020-06-10 13:15]
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\motti\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.14501\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\GoToMeeting\19992\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\motti\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\motti\Dropbox [2024-04-08 13:01]
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [SageThumbs] -> {4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll [2017-05-09] (CherubicSoft) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-04] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-04] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\motti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\quollify.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2020-06-09 19:30 - 2020-06-09 19:30 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll
2020-06-09 19:30 - 2020-06-09 19:30 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2023-01-31 19:37 - 2020-01-07 16:02 - 004679168 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5Core.dll
2023-01-31 19:37 - 2020-01-07 16:02 - 000855040 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5Network.dll
2023-01-31 19:37 - 2017-03-01 17:07 - 000109056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5WebSockets.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\sharepoint.com -> hxxps://ambasco-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-19 05:49 - 2024-07-13 13:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python311\Scripts\;C:\Python311\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\HP\HP One Agent;C:\Program Files\Git\cmd;C:\Program Files\nodejs\
HKU\S-1-5-21-633662038-590885182-3186226141-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-633662038-590885182-3186226141-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\motti\Pictures\Bellagio.jpg
DNS Servers: 192.168.4.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "StartRLCMS.lnk"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "HPOneAgentService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\StartupFolder: => "Reallusion Hub.lnk"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_8D4CC1622ACB2D8CF3B8EA616AD9F228"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "electron.app.Loom"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_2F00D187B1D9FA874EA7F713C90970C2"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "CiscoSpark"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "1Password"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "electron.app.BlueStacks Services"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{66E5BBAA-5198-4650-BA95-62F577653327}] => (Block) C:\program files\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [{7F68E880-03DC-4429-8ABB-98B20E6032DC}] => (Block) C:\program files\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [UDP Query User{F56B8784-0E9B-4209-92B2-D9514C922E4D}C:\program files\kdenlive\bin\kdenlive.exe] => (Allow) C:\program files\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [TCP Query User{C2E6F02A-6A18-42DD-8907-E37EA125AA5A}C:\program files\kdenlive\bin\kdenlive.exe] => (Allow) C:\program files\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [{C3869BCB-30CC-4A4B-9193-2FB6FE377859}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{C3C5CA25-316E-4EB8-828B-4171E4C2D155}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{9124303A-8BA8-43A4-95CC-766879687697}] => (Allow) C:\Program Files (x86)\LetsView\LetsView\LetsView.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{756B2B11-02E3-4672-AC6F-BAF92EEC327C}] => (Allow) C:\Program Files (x86)\LetsView\LetsView\LetsView.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{50AE3F2E-E941-4918-923D-73D499532092}] => (Block) C:\program files (x86)\letsview\letsview\wxmcast.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{83ACF477-AB37-4B29-864B-9002E5D75F66}] => (Block) C:\program files (x86)\letsview\letsview\wxmcast.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [UDP Query User{A504A0B4-ED46-458C-A1E4-E19B3D0DC459}C:\program files (x86)\letsview\letsview\wxmcast.exe] => (Allow) C:\program files (x86)\letsview\letsview\wxmcast.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [TCP Query User{4150F610-C412-41BF-8D8E-43B5A96C4B6F}C:\program files (x86)\letsview\letsview\wxmcast.exe] => (Allow) C:\program files (x86)\letsview\letsview\wxmcast.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{7CFF43A8-A635-446C-867B-731C4311BA9D}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7D586AAC-D8D8-4D03-B34A-A2D222A5544E}] => (Allow) LPort=5357
FirewallRules: [{8FB4DE8F-2BA5-4A44-B5BF-BC5D6BCAC903}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{E15BEF90-AD3C-45BF-BD41-8EEB4EFC36B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [UDP Query User{39B01A95-94B2-4018-A1D2-6D4F98475FCA}C:\users\motti\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\motti\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8E13D9D6-9AE4-43E1-9908-AD89D13A946C}C:\users\motti\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\motti\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F5A3B283-DB63-4EEE-83EC-F281E63AE858}C:\program files (x86)\counterpath\bria\bria.exe] => (Allow) C:\program files (x86)\counterpath\bria\bria.exe (CounterPath Corporation -> CounterPath)
FirewallRules: [UDP Query User{DD7B16D4-B389-43D2-9860-0BA08838524E}C:\program files (x86)\counterpath\bria\bria.exe] => (Allow) C:\program files (x86)\counterpath\bria\bria.exe (CounterPath Corporation -> CounterPath)
FirewallRules: [TCP Query User{69FC49B9-2E76-4A6F-A45A-8558A93CCF39}C:\users\motti\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\motti\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{7C04E234-B699-4AC8-AB87-066BE2927BC4}C:\users\motti\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\motti\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{61602F3C-C409-4B95-97FA-A9D8007F8C6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{72C14F2A-3219-46F7-B2FB-7A08F0393A47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F0D9CE8C-6621-4829-B109-E2E90632DEF0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F0BAB3A6-6438-4192-8586-2D74C9404B58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [TCP Query User{D0A4D96C-4DDC-40D3-BD55-120F0F48CBA0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{79D53B96-E8A5-4C7C-A1C6-BE390520B152}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C074D1E3-AEFC-42C6-884A-AE470E69AAEB}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.)
FirewallRules: [UDP Query User{D7F562D8-6CA0-43A1-9F52-DC15C67D6268}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.)
FirewallRules: [TCP Query User{481F3F9A-2E67-4EDD-9E4E-7F36F44A61FA}C:\users\motti\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\motti\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [UDP Query User{DBC3CE11-01EF-49D1-8C0B-7EAA8CC69B4B}C:\users\motti\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\motti\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [TCP Query User{2278F4BF-0FD5-4923-A6FE-3192D5B6EF46}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [UDP Query User{4F0BC7EE-3CA3-4BE7-884C-059A86B1B1BD}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [{14FAB61F-9469-4B38-99CC-9991CEE04D11}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70450321-E184-4862-BD34-DBDDE8BF0D72}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC663A6D-D1CD-4CDE-B008-3A27BB3FFBC2}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{49ABDA69-A37C-4D36-A75E-E6C51898B96C}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{F529AEEB-4F70-477D-BF3B-ADD9F1B3E92A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A2ED3F9-B081-4842-B977-36D68958FCF7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0208EA22-A995-48BE-8EDE-74B0EE75EC0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A6E04751-B18A-429B-BF6C-5CB881574875}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{EBE0AE2A-8090-4B77-8D96-C63EC482F7E5}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{DA9B6847-5900-451D-AB1C-3C59A4B6313E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{50584793-AA6A-49FC-A461-9BA1A7B7C264}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AAC10BD7-914F-43D4-BF5B-005E6CCBC02A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6ED60168-E845-48A2-8D89-C300A588AFDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12A9A781-C64B-4846-93CE-E12057778A21}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06AB65AF-8694-435A-9B87-1F8EAAF2DCDC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFB4F45A-2EEF-47A4-9C2C-EFD37F72DD74}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{5B99A63C-9508-453D-B4B7-1F914EB41E9B}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [{CF58D22E-704C-435D-B7DF-455AB0693F9D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F2D0C9A8-08CB-4731-B0D2-3A8A685F3E99}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{5DD70CD1-CA3C-480D-A238-A10F25D8AE6D}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24165.1414.2987.41_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{104F91A7-CCAA-45CF-AD58-9C13081ECDDA}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24165.1414.2987.41_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17DB1663-7812-40D6-A540-92032F509CC2}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
FirewallRules: [{531AAC30-584F-455D-81D4-C3E564F7F918}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24165.1306.2986.9504_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A13F6256-4239-445C-896A-98C329FA742D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24165.1306.2986.9504_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78C13C46-2F9B-489B-9511-AB563B75A837}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4E0ABE72-33BA-440A-AEFF-5F10D0DC2D70}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5D979BD4-02D6-4F7A-BCBD-234518D5E73D}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
==================== Restore Points =========================
 
12-07-2024 09:45:56 Windows Update
13-07-2024 13:05:51 Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810
13-07-2024 13:15:46 Piriform Driver Updater Restore Point
13-07-2024 13:48:01 Removed Bonjour
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/13/2024 01:24:16 PM) (Source: DbxSvc) (EventID: 291) (User: )
Description: Failed to open client process id: (5) Access is denied.
 
Error: (07/13/2024 01:24:16 PM) (Source: DbxSvc) (EventID: 291) (User: )
Description: Failed to open client process id: (5) Access is denied.
 
Error: (07/13/2024 01:12:10 PM) (Source: DbxSvc) (EventID: 291) (User: )
Description: Failed to open client process id: (5) Access is denied.
 
Error: (07/13/2024 01:12:10 PM) (Source: DbxSvc) (EventID: 291) (User: )
Description: Failed to open client process id: (5) Access is denied.
 
Error: (07/13/2024 12:24:32 PM) (Source: DbxSvc) (EventID: 291) (User: )
Description: Failed to open client process id: (5) Access is denied.
 
Error: (07/13/2024 12:24:32 PM) (Source: DbxSvc) (EventID: 291) (User: )
Description: Failed to open client process id: (5) Access is denied.
 
Error: (07/13/2024 12:22:29 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program Photoshop.exe version 25.12.0.2694 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/13/2024 11:57:13 AM) (Source: DbxSvc) (EventID: 291) (User: )
Description: Failed to open client process id: (5) Access is denied.
 
 
System errors:
=============
Error: (07/13/2024 03:26:20 PM) (Source: DCOM) (EventID: 10010) (User: DARRELL-HP-SPEC)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
 
Error: (07/13/2024 01:36:59 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (10:3f:44:6f:28:15) failed.
 
Error: (07/13/2024 10:42:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS.
 
Error: (07/13/2024 09:30:38 AM) (Source: DCOM) (EventID: 10000) (User: DARRELL-HP-SPEC)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (07/13/2024 06:56:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPAppHelperCap service.
 
Error: (07/13/2024 01:51:24 AM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (10:3f:44:6f:28:15) failed.
 
Error: (07/13/2024 01:51:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sound Research SECOMN Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (07/13/2024 01:49:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sound Research SECOMN Service service terminated unexpectedly. It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2024-07-12 10:21:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-11 03:06:34
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-10 10:03:19
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-09 03:00:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-08 02:39:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-05-21 21:45:30
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-05-13 07:41:01
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-05-04 17:18:09
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-04-27 18:37:15
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-04-20 21:57:00
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
CodeIntegrity:
===============
Date: 2024-07-13 13:36:19
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\detectionverificationdrv.inf_amd64_3246b80d2e1b5e83\IntelSSTPreprocStreamer.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
 
Date: 2024-06-28 12:18:21
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.28 03/04/2021
Motherboard: HP 86FA
Processor: Intel® Core™ i7-1065G7 CPU @ 1.30GHz
Percentage of memory in use: 57%
Total physical RAM: 16061.82 MB
Available physical RAM: 6889.96 MB
Total Virtual: 34493.82 MB
Available Virtual: 23395.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:707.81 GB) (Free:482.28 GB) (Model: INTEL HBRPEKNX0203AH) (Protected) NTFS
Drive e: (Work) (Fixed) (Total:244.14 GB) (Free:207.28 GB) (Model: INTEL HBRPEKNX0203AH) (Protected) NTFS
Drive f: (UUI) (Fixed) (Total:931.51 GB) (Free:894.46 GB) (Model: Seagate Portable SCSI Disk Device) NTFS
 
\\?\Volume{9de0abb6-f367-486b-acf9-9b1003770441}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{9dc73b09-85e2-44a2-b023-f57d32322744}\ () (Fixed) (Total:1.28 GB) (Free:0.06 GB) NTFS
\\?\Volume{9a4c0156-4bb5-4afb-979e-c62e80564463}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 1C25566E)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A39CE370)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
 

  • 0


#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts
Hello and welcome to GTG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below. As soon as I have your consent, I'll start the cleaning procedure. 

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
  • 0

#3
dpwm

  • Topic Starter
  • Member
  • 11 posts

Agreed, thanks for your help


  • 0

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Sorry for asking: are all the Adobe products you have installed licensed with a genuine key?


  • 0

#5
dpwm

  • Topic Starter
  • Member
  • 11 posts

Yes they are all licensed (actually with two different licenses - i.e. via two different email addresses - one Photoshop and one Adobe Reader, editor etc)

 

All paid monthly via the cloud.


Edited by dpwm, 15 July 2024 - 03:35 AM.

  • 0

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Thank you for clarifying that.


1. Run Malwarebytes (scan only)

  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

 

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log (scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

Note: Click Skip Basic Repair if you are asked to.

 


In your next reply, please post:

  • The Malwarebytes report
  • The AdwCleaner[S0*].txt

  • 0

#7
dpwm

  • Topic Starter
  • Member
  • 11 posts

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/15/2024
Scan Time: 11:00 AM
Log File: 22e52086-4291-11ef-8e1e-00ff7681c90e.json
 
-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1270
Update Package Version: 1.0.86854
License: Free
 
-System Information-
OS: Windows 11 (Build 22631.3880)
CPU: x64
File System: NTFS
User: Darrell-HP-Spectre\motti
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 308727
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 7 min, 34 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-15-2024
# Duration: 00:00:10
# OS:       Windows 11 (Build 22631.3880)
# Scanned:  32098
# Detected: 5
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.CrossRider         majjphhgppkndjjkmhhnbgafooenebhd
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
PUP.Optional.iMusicSearch       Music World Search - {2451ecb9-6260-4564-a546-8532f04b587a}
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT 
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

1. AdwCleaner (Clean mode)

This tool detected the following:
 
PUP.Optional.CrossRider         majjphhgppkndjjkmhhnbgafooenebhd
PUP.Optional.iMusicSearch       Music World Search - {2451ecb9-6260-4564-a546-8532f04b587a}

Although these are PUPs (Potentially Unwanted Programs), I recommend that you remove them both.
 
The other detections have to do with pre-installed software, software that came pre-installed when you bought the computer. It's up to you if you would like to keep or remove it.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • Once the scan completes, AdwCleaner shows you what it found on your computer. Check the boxes next to any items you want to quarantine and disable, then click Next.
  • Now, AdwCleaner will show you any preinstalled software it found on your device. Again, check the boxes next to any items you want to quarantine and disable. If nothing is found, you won't see this message. If you don't want to remove any preinstalled software, click Cancel and continue.
  • Click Continue, then click Restart now, and you’re done.
  • Once your computer has restarted:
    • Click the Log Files tab.
    • Click Skip Basic Repair to finish the cleaning process
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

 

2. ESET Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

In your next reply, please post:

  1. The AdwCleaner[C0*].txt
  2. The eset.txt

  • 0

#9
dpwm

  • Topic Starter
  • Member
  • 11 posts

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-15-2024
# Duration: 00:00:04
# OS:       Windows 11 (Build 22631.3880)
# Cleaned:  5
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       majjphhgppkndjjkmhhnbgafooenebhd
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
Deleted       Music World Search - {2451ecb9-6260-4564-a546-8532f04b587a}
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1823 octets] - [15/07/2024 11:10:44]
AdwCleaner[S01].txt - [1884 octets] - [15/07/2024 12:09:53]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
15/07/2024 15:12:45
Scanned files: 638886
Detected files: 1
Cleaned files: 2
Total scan time 02:52:26
Scan status: Finished
C:\Program Files (x86)\CCleaner Browser\CCleanerBrowserUninstall.exe a variant of Win32/Avast.AVGSecureBrowser.A potentially unwanted application,a variant of Win32/CCleaner.A potentially unsafe application cleaned by deleting
 

  • 0

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Do you confirm that this is ESET's result?

 

Detected files: 1
Cleaned files: 2
 
C:\Program Files (x86)\CCleaner Browser\CCleanerBrowserUninstall.exe a variant of Win32/Avast.AVGSecureBrowser.A potentially unwanted application,a variant of Win32/CCleaner.A potentially unsafe application cleaned by deleting
 
 
Where is the other deleted item? 

  • 0


#11
dpwm

  • Topic Starter
  • Member
  • 11 posts

Yes, I know. I thought it was strange that it detected one file but cleaned two?

 

From looking at the Quarantine 'tab' I can see that C:\Program Files (x86)\CCleaner Browser\CCleanerBrowserUninstall.exe a variant of Win32/Avast.AVGSecureBrowser.A potentially unwanted application,a variant of Win32/CCleaner is all that is in there.


  • 0

#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

OK. 
 
Let's now see fresh FRST logs, Addition and FRST.

  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.

 

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)


  • 0

#13
dpwm

  • Topic Starter
  • Member
  • 11 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.07.2024
Ran by motti (administrator) on DARRELL-HP-SPEC (HP HP Spectre x360 Convertible 13-aw0xxx) (15-07-2024 19:59:24)
Running from C:\Users\motti\OneDrive\Desktop\FRST64.exe
Loaded Profiles: User & motti
Platform: Microsoft Windows 11 Home Version 23H2 22631.3880 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Photoshop (Beta)\Adobe Crash Processor.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop (Beta)\LogTransport2.exe
(Agilebits -> 1Password) C:\Users\motti\AppData\Local\1Password\app\8\1Password.exe <3>
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <4>
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.102\msedgewebview2.exe <12>
(cmd.exe ->) (Agilebits -> AgileBits, Inc.) C:\Users\motti\AppData\Local\1Password\app\8\1Password-BrowserSupport.exe <2>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <2>
(DriverStore\FileRepository\cui_dch.inf_amd64_f28757245a4f2ef2\igfxCUIServiceN.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f28757245a4f2ef2\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <29>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.625.600_x64__8wekyb3d8bbwe\olk.exe
(explorer.exe ->) (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ) C:\Windows\SysWOW64\ElanTouchXiSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5260ddd49ca9ef3b\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f28757245a4f2ef2\igfxCUIServiceN.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_e860b467f6e0e00c\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7fce628e158be8d7\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Reallusion Inc. -> Reallusion.Inc) C:\Program Files (x86)\Common Files\Reallusion\RLHostService\RLHostService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21998.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21998.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.30.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [980496 2019-09-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4116912 2024-06-06] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [HPOneAgentService] => C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [1939472 2024-06-11] (HP Inc. -> HP Inc; HP Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2024-05-07] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9248144 2024-07-09] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [GoToMeetingInstall19992] => C:\Program Files (x86)\GoToMeeting\19992\G2MInstaller.exe [34872 2024-07-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194056 2024-06-11] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45629344 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CCleanerBrowserAutoLaunch_8D4CC1622ACB2D8CF3B8EA616AD9F228] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3171032 2024-07-03] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [electron.app.Loom] => C:\Users\motti\AppData\Local\Programs\Loom\Loom.exe [139767008 2022-04-28] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\motti\AppData\Local\Microsoft\Teams\Update.exe [2613704 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [MicrosoftEdgeAutoLaunch_2F00D187B1D9FA874EA7F713C90970C2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3883560 2024-07-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\motti\AppData\Local\WebEx\WebexHost.exe [8039008 2023-04-10] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [electron.app.BlueStacks Services] => C:\Users\motti\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-05-08] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [1Password] => C:\Users\motti\AppData\Local\1Password\app\8\1Password.exe [176788320 2024-07-10] (Agilebits -> 1Password)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [GoogleChromeAutoLaunch_9D886D343CA417F5BE314B99A95D3F56] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2795808 2024-06-22] (Google LLC -> Google LLC)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8523168 2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Run: [CiscoSpark] => C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1468 2024-07-13] () [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP CE11 Status Monitor: C:\WINDOWS\system32\hpinkstsCE11LM.dll [393352 2017-03-20] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\126.0.25558.127\Installer\chrmstp.exe [2024-07-12] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-26] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reallusion Hub.lnk [2023-01-31]
ShortcutTarget: Reallusion Hub.lnk -> C:\Program Files\Common Files\Reallusion\LiveUpdate\Reallusion Hub.exe (Reallusion Inc. -> Reallusion Inc.)
Startup: C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-06-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartRLCMS.lnk [2024-06-12]
ShortcutTarget: StartRLCMS.lnk -> C:\ProgramData\Reallusion\RLRunUtility.exe (Reallusion Inc. -> )
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {AA87FC4E-86AC-4307-B5B8-CBE36B0D9D5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1558984 2024-06-25] (Adobe Inc. -> Adobe Inc.)
Task: {283DF49F-A2A5-4115-B105-1806F846A437} - System32\Tasks\Adobe Creative Cloud => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1136560 2024-06-27] (Adobe Inc. -> Adobe Inc.)
Task: {8F70E18E-CE9D-4D2F-86BA-4B04639DC62B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4116912 2024-06-06] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {0BCEE535-69A8-45FF-98A5-CADD9DE16C90} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4454832 2024-06-06] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {97013843-FA2E-4BC7-9350-6DA0B50D360B} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-01-25] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {AA7A1856-9F21-4FF1-96BE-EC86D74084A4} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3171032 2024-07-03] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {4870C176-FE00-40B7-A6E9-EEEE3A1E6D29} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3171032 2024-07-03] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {F78F0C83-ACB0-486D-AA67-EEBE6E2B5969} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {49235ACF-5CB6-4D1B-A70E-A08AEF378983} - System32\Tasks\CCleanerBrowserProtectS-1-5-21-633662038-590885182-3186226141-1003 => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowserProtect.exe [1717416 2024-04-23] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {7EC982AC-22B7-40A0-B01B-EDDE84DA529B} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [39451552 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {6350A572-F37C-4D77-BBF0-157DBE407BE3} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5b736df5-b3b7-4f62-b89a-cfefa97e4f09" --version "6.25.11131" --silent
Task: {01D7E00B-9642-4604-B9D5-1489E429AAE7} - System32\Tasks\CCleanerSkipUAC - motti => C:\Program Files\CCleaner\CCleaner.exe [39451552 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {4024D1FC-4571-4F45-82B6-3C391E1EF381} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {A0EA4502-3DCA-4247-B2C5-A8B02C572750} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {BDED7DBD-92A8-4C28-AADB-ACA85E100435} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-04-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F204FC16-E047-4E30-A9D6-113F08BBE806} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-04-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {EA3A61F8-DD3D-4895-B20B-7D7884B6B70F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\motti\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15145336 2024-07-15] (ESET, spol. s r.o. -> ESET)
Task: {58445513-B46E-4391-8773-849DC7CFC7BA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\motti\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15145336 2024-07-15] (ESET, spol. s r.o. -> ESET)
Task: {AFEE6E1D-64BE-4F55-A95C-70084CA8DF7C} - System32\Tasks\G2MUpdateTask-AllUsers => C:\Program Files (x86)\GoToMeeting\19992\g2mupdate.exe [34872 2024-07-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A9A8AB5E-EDC8-4740-B651-E69220A017DF} - System32\Tasks\G2MUpdateTask-S-1-5-21-633662038-590885182-3186226141-1003 => C:\Program Files (x86)\GoToMeeting\19992\g2mupdate.exe [34872 2024-07-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {4EBC3AC7-6513-4295-9549-65A60300D909} - System32\Tasks\G2MUploadTask-S-1-5-21-633662038-590885182-3186226141-1003 => C:\Program Files (x86)\GoToMeeting\19992\g2mupload.exe [34872 2024-07-13] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {FDC39B0D-1C48-41D3-9336-AEFBDB6A5973} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{512A5718-D5C6-4340-BF90-419095B97671} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {B842348F-FBC7-48DF-8AB3-29EB1B6984FC} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-21] (HP Inc. -> HP Inc.)
Task: {E3122FC2-68E7-44FC-8211-546A173EAF60} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-21] (HP Inc. -> HP Inc.)
Task: {40739564-5E33-4948-B6F2-C84DC377C52A} - System32\Tasks\HPCustParticipation HP ENVY 5540 series => C:\Program Files\HP\HP ENVY 5540 series\Bin\HPCustPartic.exe [6438536 2017-03-27] (Hewlett Packard -> HP Inc.)
Task: {385005BB-EA9B-4396-85AC-509DFAF74C05} - System32\Tasks\HPOneAgentRepairTask => C:\ProgramData\Package Cache\{EC1ABEFA-64AF-46EC-B656-2BA6F30CB630}\HPOneAgent.exe [1169552 2024-07-11] (HP Inc. -> HP Inc.)
Task: {ADFC1E29-6B60-4E18-9828-FFA4B09C0C82} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512448 2024-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E64DD43-5498-4F33-BA4A-9147AAF96B9F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512448 2024-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {37F3DB52-9BF5-4A45-B463-E590C30B433F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {C52AADEF-447B-403E-88F3-4545A9EF31C8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E15372D8-A037-46C0-B0E9-355105D034E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169408 2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {0BF599E4-8B95-4394-B57C-ECF164CA654C} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\WINDOWS\system32\rundll32.exe [90112 2024-07-10] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {CF127EFA-2905-4E05-98AE-332725BFB03B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {FCCC0CB9-1325-4F5E-8AAA-C7C314E64B08} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe  Display (No File)
Task: {47C1635D-5418-4605-AAC8-9D8B72A239D9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {DEFC4DB6-85D3-45BC-A899-374F19E8FFD2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {A1D98CA3-4D86-4077-9640-BFD2C264F36D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B64C18B-60D7-4A8F-8402-1495DAE8E064} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {47A99ED8-B9A9-4BA1-8C4F-AEA865D39FB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B964E7C-3132-4EFA-B90C-500FD250590F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0132FCA1-1079-444F-98C6-E29002F12BE6} - System32\Tasks\Opera scheduled assistant Autoupdate 1614264413 => C:\Users\motti\AppData\Local\Programs\Opera\launcher.exe  -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\motti\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {D5DD3F8C-E639-4FE8-8C58-5AD1C5F9282B} - System32\Tasks\Opera scheduled Autoupdate 1614264411 => c:\users\motti\appdata\local\programs\opera\autoupdate\opera_autoupdate.exe  --scheduledtask --bypasslauncher $(Arg0) (No File)
Task: {41B320C0-D9D8-4417-9BCA-11A29B3341D0} - System32\Tasks\RLHub_SkipUac_motti => C:\Program Files\Common Files\Reallusion\LiveUpdate\Reallusion Hub.exe [1568008 2022-12-28] (Reallusion Inc. -> Reallusion Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-AllUsers.job => C:\Program Files (x86)\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-633662038-590885182-3186226141-1003.job => C:\Program Files (x86)\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-633662038-590885182-3186226141-1003.job => C:\Program Files (x86)\GoToMeeting\19992\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\2456C66756465627560275966496: [DhcpNameServer] 8.8.8.8 185.51.168.5
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\2496A737071636560245865616C6560234573747F6D65627: [DhcpNameServer] 10.0.22.254
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\2496A737071636560245865616C656027457563747: [DhcpNameServer] 10.0.100.254
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\34F63747160234F6666656560275966496: [DhcpNameServer] 88.215.61.255 88.215.63.255
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\359627F6E616: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\4416272756C6C6723702352303: [DhcpNameServer] 192.168.206.22
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\4425D454: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\4425D454: [DhcpDomain] home
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\44D4: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\84F6D6567596D26496: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\84F6D6567596D26496: [DhcpDomain] home
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\B4F6E6E6563647: [DhcpNameServer] 8.8.8.8 192.168.0.5
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\B4F6E6E6563647: [DhcpDomain] parkloyd.london
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E69616025374: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E6961602F46666963656: [DhcpNameServer] 10.40.16.11
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E6961602F46666963656: [DhcpDomain] OMNIA.LOCAL
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E69616D23547166666: [DhcpNameServer] 10.40.16.11
Tcpip\..\Interfaces\{6b948f1b-e239-44b3-9684-b077ccd31194}\F4D6E69616D23547166666: [DhcpDomain] OMNIA.LOCAL
Tcpip\..\Interfaces\{9387b233-62ed-49cd-b888-59a123360191}: [NameServer] 172.17.3.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-15]
Edge Notifications: Default -> hxxps://b.oataltaul.com; hxxps://calendar.google.com; hxxps://teams.microsoft.com; hxxps://web.whatsapp.com; hxxps://www.justarsenal.com; hxxps://www.youtube.com
Edge Extension: (Loom for Edge) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abeameknhmpmfegfbeioekonmhbmbpai [2022-09-03]
Edge Extension: (Property Tracker) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abgkpdjomdmemeefdefalbeogkmlmand [2022-09-03]
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-29]
Edge Extension: (Save to Pinterest) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkgoflemacdadndiohhdnphcmdhacabg [2024-07-06]
Edge Extension: (DuckDuckGo) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-07-13]
Edge Extension: (lock) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-06-23]
Edge Extension: (MozBar) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2022-09-03]
Edge Extension: (Project Naptha) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eckaechjaiiiffijigiigbhbfhelljmi [2022-09-03]
Edge Extension: (Meta Pixel Helper) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2024-03-06]
Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-19]
Edge Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-17]
Edge Extension: (Streak CRM for Gmail) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gjfnhcobilifnmokegginjeenmlmlccn [2024-07-13]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-07-06]
Edge Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2024-07-02]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-06-12]
Edge Extension: (Fontanello) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdlhfjlpaijjhklfadlhbbmpjfddkglc [2024-04-04]
Edge Extension: (Edge relevant text changes) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Gmail reverse conversation) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfgepjmmgamniaefbjlbacahkjjnjoaa [2023-08-02]
Edge Extension: (Similar Sites - Discover Related Websites) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2024-06-28]
Edge Extension: (Endole QuickView) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nfbbahbhaadfdhedpoifbamfdcfnflei [2022-09-03]
Edge Extension: (Clipt) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngpicahlgepngcpigiiebnheihgbaenh [2022-09-03]
Edge Extension: (PropertyData - Data, Info & Analysis) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nmgflehpkmokienojjgpbddklnedoonp [2024-04-04]
Edge Extension: (Scribe: AI Documentation, SOPs & Screenshots) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okfkdaglfjjjfefdcppliegebpoegaii [2024-07-10]
Edge Extension: (Vidyard - Screen Recorder & Screen Capture) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ollpphgpdfopboaicbijmelbeninibli [2024-07-06]
Edge Extension: (Lusha - Easily find B2B contact information) - C:\Users\motti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pafckojojojjcjiimflfcchilgkeblcj [2024-06-28]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: svm6znfc.default
FF ProfilePath: C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\svm6znfc.default [2020-06-16]
FF ProfilePath: C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release [2024-07-15]
FF Notifications: Mozilla\Firefox\Profiles\bsh8s6mf.default-release -> hxxps://www.sunderlandecho.com
FF Extension: (YouTube Video Downloader/YouTube HD Download) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\[email protected] [2021-02-03]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-09-08]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2023-05-06]
FF Extension: (FF Facebook Pixel Helper) - C:\Users\motti\AppData\Roaming\Mozilla\Firefox\Profiles\bsh8s6mf.default-release\Extensions\{f78d2e9e-892f-43bf-8bd2-a79a85203a0b}.xpi [2021-12-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-05-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2024-06-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2024-06-27] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default [2024-07-15]
CHR Notifications: Default -> hxxps://app.hubspot.com; hxxps://calendar.google.com; hxxps://cm.zoho.eu; hxxps://crm.zoho.eu; hxxps://harbourclub.pushcrew.com; hxxps://mail.google.com; hxxps://property.mitula.co.uk; hxxps://saymineapp.com; hxxps://teams.microsoft.com; hxxps://web.whatsapp.com; hxxps://www.insta360.com; hxxps://www.loom.com; hxxps://www.upwork.com
CHR Extension: (lock) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeblfdkhhhdcdjpifhhbdiojplfjncoa [2024-06-21]
CHR Extension: (ColorZilla) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2024-05-29]
CHR Extension: (DuckDuckGo) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-06-21]
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-07-10]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-07-06]
CHR Extension: (MozBar) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2022-01-25]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-07-06]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-21]
CHR Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-12]
CHR Extension: (Save to Pinterest) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-07-06]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2024-07-06]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-06-12]
CHR Extension: (Fontanello) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlhfjlpaijjhklfadlhbbmpjfddkglc [2024-04-03]
CHR Extension: (Gmail reverse conversation) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgepjmmgamniaefbjlbacahkjjnjoaa [2023-08-03]
CHR Extension: (Loom – Screen Recorder & Screen Capture) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2024-07-10]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2024-07-13]
CHR Extension: (Endole QuickView) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfbbahbhaadfdhedpoifbamfdcfnflei [2020-07-30]
CHR Extension: (Clipt) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpicahlgepngcpigiiebnheihgbaenh [2022-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Scribe: AI Documentation, SOPs & Screenshots) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfkdaglfjjjfefdcppliegebpoegaii [2024-07-10]
CHR Extension: (Streak CRM for Gmail) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2024-07-13]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-07-13]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-07-13]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-03-27]
CHR Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-06]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-07-13]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-27]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-07-13]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-31]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\motti\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-31]
CHR Profile: C:\Users\motti\AppData\Local\Google\Chrome\User Data\System Profile [2024-07-15]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-633662038-590885182-3186226141-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable [2024-07-13]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-05-05]
OPR Extension: (Opera Wallet) - C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-05-05]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-10-30]
OPR Extension: (Opera AI Prompts) - C:\Users\motti\AppData\Roaming\Opera Software\Opera Stable\Extensions\mljbnbeedpkgakdchcmfapkjhfcogaoc [2023-05-05]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-06-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944048 2024-06-27] (Adobe Inc. -> Adobe Inc.)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\126.0.25558.127\elevation_service.exe [1773360 2024-07-03] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-06-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-21] (Microsoft Corporation -> Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-04-08] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-04-08] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-07-09] (Dropbox, Inc -> Dropbox, Inc.)
S4 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\203.4.4857\DropboxElevationService.exe [1659288 2024-07-09] (Dropbox, Inc -> Dropbox, Inc.)
R2 ElanTouchXiSvc; C:\WINDOWS\SysWOW64\ElanTouchXiSvc.exe [560864 2022-12-19] (ELAN MICROELECTRONICS CORPORATION -> )
S4 hp-one-agent-service; C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [1939472 2024-06-11] (HP Inc. -> HP Inc; HP Development Company, L.P.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\AppHelperCap.exe [928312 2024-06-15] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\DiagsCap.exe [926672 2024-06-15] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\NetworkCap.exe [922576 2024-06-15] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-06-21] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_62028dfcb8fe6a80\x64\SysInfoCap.exe [927800 2024-06-15] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_5260ddd49ca9ef3b\AS\IAS\IntelAudioService.exe [412152 2022-10-24] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8901528 2024-07-15] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-25] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 RLHostService; C:\Program Files (x86)\Common Files\Reallusion\RLHostService\RLHostService.exe [285008 2022-01-13] (Reallusion Inc. -> Reallusion.Inc)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256856 2023-08-16] (Intel Corporation -> Intel Corporation)
S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [140424 2024-04-19] (TunnelBear (McAfee Canada ULC) -> TunnelBear)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\motti\AppData\Roaming\Zoom"
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AX88179A; C:\WINDOWS\System32\DriverStore\FileRepository\axusbeth.inf_amd64_00da554e0fe424fd\AxUsbEth.sys [168048 2024-06-11] (WDKTestCert asix,133111579530933026 -> ASIX Electronics Corp.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2024-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218608 2024-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-06] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221136 2024-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl88900e6e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7BD91E6-9079-41D1-B112-1D09D0493EE6}\MpKslDrv.sys [271640 2024-07-15] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsld09cbaa0; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [222464 2023-10-02] (Microsoft Windows -> Microsoft Corporation)
S3 polarbear-split-tunneling; C:\Program Files (x86)\TunnelBear\Drivers\x64\SplitTunnelingDriver.sys [29176 2023-07-10] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2020-11-14] (TunnelBear, Inc. -> The OpenVPN Project)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2023-11-14] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2022-10-21] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-15 15:12 - 2024-07-15 15:12 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2024-07-15 15:12 - 2024-07-15 15:12 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2024-07-15 15:12 - 2024-07-15 15:12 - 000000722 _____ C:\Users\motti\OneDrive\Desktop\eset.txt
2024-07-15 12:15 - 2024-07-15 17:00 - 000001378 _____ C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-07-15 12:15 - 2024-07-15 17:00 - 000001278 _____ C:\Users\motti\OneDrive\Desktop\ESET Online Scanner.lnk
2024-07-15 12:15 - 2024-07-15 12:15 - 000000000 ____D C:\Users\motti\AppData\Local\ESET
2024-07-15 12:14 - 2024-07-15 12:14 - 008389496 _____ (ESET) C:\Users\motti\OneDrive\Desktop\esetonlinescanner.exe
2024-07-15 11:10 - 2024-07-15 11:10 - 008790880 _____ (Malwarebytes) C:\Users\motti\OneDrive\Desktop\adwcleaner(1).exe
2024-07-15 11:09 - 2024-07-15 12:11 - 000000000 ____D C:\AdwCleaner
2024-07-15 11:09 - 2024-07-15 11:09 - 000001238 _____ C:\Users\motti\OneDrive\Desktop\Malwarebytes Scan Report 2024-07-15 100059.txt
2024-07-15 10:42 - 2024-07-15 10:42 - 000375273 _____ C:\Users\motti\Downloads\240187-OGSO.pdf
2024-07-15 10:42 - 2024-07-15 10:42 - 000375168 _____ C:\Users\motti\Downloads\240186-OGSO.pdf
2024-07-13 16:42 - 2024-07-13 16:46 - 000060581 _____ C:\Users\motti\OneDrive\Desktop\Addition.txt
2024-07-13 16:41 - 2024-07-15 20:00 - 000054511 _____ C:\Users\motti\OneDrive\Desktop\FRST.txt
2024-07-13 16:41 - 2024-07-15 19:59 - 000000000 ____D C:\FRST
2024-07-13 16:38 - 2024-07-13 16:38 - 002395648 _____ (Farbar) C:\Users\motti\OneDrive\Desktop\FRST64.exe
2024-07-13 13:34 - 2024-07-13 13:34 - 000001460 _____ C:\Users\motti\OneDrive\Desktop\Webex.lnk
2024-07-13 13:34 - 2024-07-13 13:34 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex
2024-07-13 13:31 - 2024-07-13 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom
2024-07-13 13:31 - 2024-07-13 13:31 - 000000000 ____D C:\Program Files\Zoom
2024-07-13 13:31 - 2024-07-13 13:31 - 000000000 ____D C:\Program Files\Common Files\Zoom
2024-07-13 13:11 - 2024-07-13 13:36 - 000000546 _____ C:\WINDOWS\Tasks\G2MUpdateTask-AllUsers.job
2024-07-13 13:11 - 2024-07-13 13:11 - 000003634 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-AllUsers
2024-07-13 13:11 - 2024-07-13 13:11 - 000000000 ____D C:\Program Files (x86)\GoToMeeting
2024-07-13 13:10 - 2024-07-13 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2024-07-13 13:10 - 2024-07-13 13:10 - 000000000 ____D C:\Program Files\nodejs
2024-07-13 13:08 - 2024-07-13 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2024-07-12 15:32 - 2024-07-12 15:32 - 002170904 _____ C:\Users\motti\Downloads\screencapture-lagonda-maskalls-co-uk-2024-07-12-15_31_52.pdf
2024-07-12 09:46 - 2024-07-12 09:51 - 000000000 ___HD C:\$WinREAgent
2024-07-12 09:42 - 2024-07-12 09:42 - 000050997 _____ C:\Users\motti\Downloads\Invoice INV-01280.pdf
2024-07-11 08:49 - 2024-07-11 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-07-10 13:12 - 2024-07-10 13:12 - 000077710 _____ C:\Users\motti\Downloads\Omnia_Outsourcing_Limited_-_Omnia_Monthly_Management_Reporting_Pack_-_Update_North_South (3).xlsx
2024-07-10 12:56 - 2024-07-10 12:56 - 000066300 _____ C:\Users\motti\Downloads\Omnia_Outsourcing_Limited_-_Omnia_Monthly_Management_Reporting_Pack_- May 24 - DRAFT.xlsx
2024-07-10 10:28 - 2024-07-10 10:28 - 000000000 ____D C:\ProgramData\bst_boost_interprocess
2024-07-10 10:28 - 2024-07-10 10:27 - 000007160 _____ C:\Users\motti\-1.14-windows.xml
2024-07-10 10:27 - 2024-07-10 10:28 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2024-07-10 10:27 - 2024-07-10 10:27 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2024-07-10 01:59 - 2024-07-10 01:59 - 000025684 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-10 01:58 - 2024-07-10 01:58 - 000025684 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-07-09 15:46 - 2024-07-09 15:46 - 000155801 _____ C:\Users\motti\Downloads\RE_ Let's complete your virtual office onboarding – Omnia Outsourcing _ Sirona Medical Ltd.zip
2024-07-09 12:02 - 2024-07-09 12:02 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-07-08 18:28 - 2024-07-08 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2024-07-08 10:52 - 2024-07-08 10:52 - 000000482 _____ C:\Users\motti\OneDrive\Desktop\DM director.txt
2024-07-05 15:19 - 2024-07-05 15:19 - 005229224 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw10.sys
2024-07-05 15:19 - 2024-07-05 15:19 - 001496120 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter10.dll
2024-07-05 09:19 - 2024-07-05 09:23 - 002662212 _____ C:\Users\motti\Downloads\O076 - Let Eng Accts and Tax 2023 (1).pdf
2024-07-03 18:03 - 2024-07-03 18:03 - 000110961 _____ C:\Users\motti\Downloads\R M Beckett.pdf
2024-07-03 16:57 - 2024-07-03 16:58 - 004014701 _____ C:\Users\motti\Downloads\jpg-pdf-1.zip
2024-07-02 15:13 - 2024-07-02 15:13 - 000193031 _____ C:\Users\motti\Downloads\Three Business Agreement for OMNIA BACK OFFICE LIMITED.pdf
2024-07-01 14:38 - 2024-07-01 15:14 - 000000000 ____D C:\Users\motti\OneDrive\Desktop\Jon K KC
2024-07-01 13:34 - 2024-07-12 09:26 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop (Beta).lnk
2024-06-30 11:29 - 2024-06-30 11:29 - 000131242 _____ C:\Users\motti\Downloads\return-label.pdf
2024-06-28 13:37 - 2024-06-28 13:47 - 000000957 _____ C:\Users\motti\Downloads\[email protected]
2024-06-27 16:10 - 2024-06-28 16:46 - 000007715 _____ C:\Users\motti\Downloads\Trevor.txt
2024-06-27 15:38 - 2024-06-27 15:38 - 000000000 ____D C:\Users\motti\Downloads\Vaishvick Law
2024-06-27 15:27 - 2024-06-27 15:27 - 000000000 ____D C:\Users\motti\Downloads\asw
2024-06-27 12:20 - 2024-06-27 12:20 - 000102171 _____ C:\Users\motti\Downloads\20240517 Schedule 36 Notice-1.pdf
2024-06-27 12:19 - 2024-06-27 12:19 - 000078333 _____ C:\Users\motti\Downloads\Schedule of information.pdf
2024-06-27 12:11 - 2024-06-27 12:11 - 000135413 _____ C:\Users\motti\Downloads\Fwd_ Draft agreement for Omnia 'payroll' contract.eml
2024-06-25 16:47 - 2024-06-25 16:47 - 000475884 _____ C:\Users\motti\OneDrive\Desktop\Investec Capital Solutions - Credit Search Declaration.pdf
2024-06-21 15:41 - 2024-06-21 15:41 - 000996819 _____ C:\Users\motti\OneDrive\Desktop\self assessment.pdf
2024-06-20 11:30 - 2024-06-20 11:30 - 000053275 _____ C:\Users\motti\Downloads\statement-2023-December.pdf
2024-06-20 10:15 - 2024-06-20 10:15 - 029359096 _____ C:\Users\motti\Downloads\OmniaSirona Compliance 2024 .pdf
2024-06-18 12:55 - 2024-06-18 12:55 - 000873336 _____ C:\Users\motti\OneDrive\Desktop\Omnia Cash Flow Model 2024 05 14 cash flow forecast for 1 year V4.xlsx
2024-06-17 15:39 - 2024-06-17 15:39 - 017101472 _____ C:\Users\motti\Downloads\darrell.pdf
2024-06-17 14:40 - 2024-06-17 14:40 - 000137393 _____ C:\Users\motti\OneDrive\Desktop\GEN1500W - Pensions Declaration Document.docx.pdf
2024-06-17 09:55 - 2024-06-17 09:55 - 000036809 _____ C:\Users\motti\Downloads\Invoice_9269_from_Autism_Berkshire.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-15 19:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-07-15 19:53 - 2023-05-05 16:21 - 000000000 ____D C:\Users\motti\AppData\Local\Malwarebytes
2024-07-15 19:50 - 2023-01-14 14:02 - 2146345984 _____ C:\Users\motti\AppData\Local\SageThumbs.db3
2024-07-15 19:35 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-15 18:15 - 2022-10-12 09:59 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-07-15 16:58 - 2022-10-12 09:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-07-15 15:26 - 2022-10-12 09:59 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1BB2B7B1-C839-4CF8-8958-D022F9BE0E67}
2024-07-15 12:59 - 2020-06-09 19:37 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\Excel
2024-07-15 12:54 - 2021-02-21 13:31 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2024-07-15 12:51 - 2024-01-22 20:30 - 000000000 ____D C:\Users\motti\AppData\Roaming\1Password
2024-07-15 12:20 - 2022-10-12 10:03 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-07-15 12:20 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-07-15 12:13 - 2020-08-27 18:16 - 000000000 ____D C:\Program Files\CCleaner
2024-07-15 12:12 - 2023-01-31 19:32 - 000000000 ____D C:\ProgramData\Reallusion
2024-07-15 12:12 - 2022-10-12 09:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-07-15 12:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-07-15 12:12 - 2022-05-07 06:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-07-15 12:12 - 2021-03-16 19:55 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-15 12:12 - 2020-08-06 11:23 - 000000642 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-633662038-590885182-3186226141-1003.job
2024-07-15 12:12 - 2020-08-06 11:23 - 000000546 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-633662038-590885182-3186226141-1003.job
2024-07-15 12:12 - 2020-06-09 19:20 - 000000000 __SHD C:\Users\motti\IntelGraphicsProfiles
2024-07-15 12:12 - 2020-05-11 08:54 - 000000000 ____D C:\ProgramData\HP
2024-07-15 12:12 - 2020-05-11 08:46 - 000000000 ____D C:\Intel
2024-07-15 12:11 - 2023-04-10 02:16 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2024-07-15 10:47 - 2023-07-06 15:01 - 000002568 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2024-07-15 03:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-14 11:39 - 2020-06-10 13:07 - 000000000 ____D C:\Users\motti\AppData\Local\D3DSCache
2024-07-14 02:22 - 2022-10-12 09:59 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-633662038-590885182-3186226141-1003
2024-07-14 02:22 - 2022-10-12 09:59 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-633662038-590885182-3186226141-1003
2024-07-14 02:22 - 2021-09-28 14:22 - 000000000 ___RD C:\Users\motti\Ambasco
2024-07-14 02:22 - 2021-03-16 19:56 - 000002379 _____ C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-07-13 17:19 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-13 16:49 - 2024-01-22 20:30 - 000000000 ____D C:\Users\motti\AppData\Local\1Password
2024-07-13 13:49 - 2022-02-10 01:18 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-13 13:48 - 2020-06-09 19:20 - 000000000 ____D C:\Users\motti\AppData\Local\Packages
2024-07-13 13:48 - 2020-05-11 08:46 - 000000000 ____D C:\ProgramData\Packages
2024-07-13 13:37 - 2022-10-12 09:59 - 000003808 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-633662038-590885182-3186226141-1003
2024-07-13 13:37 - 2022-10-12 09:59 - 000003712 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-633662038-590885182-3186226141-1003
2024-07-13 13:37 - 2020-07-01 14:27 - 000000000 ____D C:\Users\motti\AppData\Roaming\Zoom
2024-07-13 13:36 - 2024-04-08 12:57 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2024-07-13 13:36 - 2024-04-08 12:57 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2024-07-13 13:36 - 2022-12-15 14:28 - 000000280 _____ C:\WINDOWS\Tasks\CCleanerClean.job
2024-07-13 13:35 - 2024-04-08 12:57 - 000003512 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2024-07-13 13:35 - 2024-04-08 12:57 - 000003288 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2024-07-13 13:35 - 2023-09-27 16:01 - 000000000 ____D C:\Users\motti\AppData\Roaming\bluestacks-services
2024-07-13 13:35 - 2022-10-12 09:59 - 000002532 _____ C:\WINDOWS\system32\Tasks\Adobe Creative Cloud
2024-07-13 13:35 - 2022-10-12 09:54 - 000000000 ____D C:\Users\motti
2024-07-13 13:28 - 2020-07-17 09:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-13 13:15 - 2023-09-27 16:01 - 000003014 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2024-07-13 13:15 - 2022-10-12 09:59 - 000003914 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1614264413
2024-07-13 13:15 - 2022-10-12 09:59 - 000003720 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1614264411
2024-07-13 13:15 - 2022-10-12 09:59 - 000002656 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2024-07-13 13:14 - 2024-01-25 10:27 - 000002814 _____ C:\WINDOWS\system32\Tasks\HPOneAgentRepairTask
2024-07-13 13:14 - 2022-12-15 14:28 - 000003120 _____ C:\WINDOWS\system32\Tasks\CCleanerClean
2024-07-13 13:10 - 2023-03-16 13:16 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-07-13 13:10 - 2023-03-16 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-07-13 13:10 - 2023-03-16 13:16 - 000000000 ____D C:\Program Files\WinRAR
2024-07-13 13:08 - 2023-04-23 18:20 - 000000000 ____D C:\Program Files\Git
2024-07-13 13:08 - 2020-06-10 13:10 - 000000000 ____D C:\ProgramData\Package Cache
2024-07-13 13:06 - 2023-07-07 23:50 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2024-07-13 13:06 - 2023-07-07 23:50 - 000000000 ____D C:\Program Files\Audacity
2024-07-13 13:06 - 2022-02-04 15:11 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-07-13 09:30 - 2022-10-19 05:18 - 000000000 ____D C:\WINDOWS\Minidump
2024-07-13 09:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-07-13 09:30 - 2020-11-23 10:21 - 000000000 ____D C:\Users\motti\AppData\Local\CrashDumps
2024-07-13 09:25 - 2024-04-08 12:58 - 000000000 ____D C:\Users\motti\AppData\Roaming\Dropbox
2024-07-13 09:25 - 2024-04-08 12:58 - 000000000 ____D C:\Users\motti\AppData\Local\Dropbox
2024-07-13 03:01 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-07-13 01:50 - 2023-03-30 18:47 - 000001575 _____ C:\WINDOWS\system32\config\VSMIDK
2024-07-13 01:48 - 2022-10-12 09:53 - 000643408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-07-13 01:46 - 2023-12-15 04:24 - 000000000 ____D C:\WINDOWS\InboxApps
2024-07-13 01:46 - 2023-10-13 03:27 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-07-13 01:46 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-07-13 01:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-07-12 20:47 - 2020-06-10 12:53 - 000000000 ____D C:\Users\motti\AppData\Roaming\Microsoft\Word
2024-07-12 14:45 - 2021-02-21 13:31 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2024-07-12 09:57 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-07-12 09:26 - 2023-08-04 09:39 - 000000000 ___HD C:\adobeTemp
2024-07-12 09:25 - 2020-06-10 13:09 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-07-12 09:24 - 2022-10-12 09:59 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-12 09:24 - 2022-10-12 09:59 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-11 08:49 - 2024-04-08 12:57 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-07-10 10:27 - 2024-03-14 14:54 - 000000000 ____D C:\Users\motti\AppData\Local\BlueStacks X
2024-07-10 10:27 - 2023-09-27 15:59 - 000000000 ____D C:\Users\motti\AppData\Local\Bluestacks
2024-07-10 09:14 - 2024-01-22 20:30 - 000001352 _____ C:\Users\motti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Password.lnk
2024-07-10 01:59 - 2022-10-12 09:54 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-07-10 01:41 - 2020-05-11 08:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-07-10 01:35 - 2020-05-11 08:52 - 194135240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-07-09 17:47 - 2024-01-30 14:29 - 000000000 ____D C:\Users\motti\OneDrive\Desktop\158
2024-07-08 18:28 - 2023-03-16 11:51 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2024-07-06 20:14 - 2024-02-27 15:38 - 005108725 _____ C:\Users\motti\OneDrive\Desktop\BlueStacks-Support.7z
2024-07-06 20:12 - 2024-05-17 19:43 - 000002169 _____ C:\Users\motti\OneDrive\Desktop\TeamStreamsSmartersQV2.lnk
2024-07-06 20:12 - 2023-09-27 16:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-07-06 08:39 - 2022-03-22 12:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-07-05 09:21 - 2024-01-12 10:24 - 000000000 __RHD C:\Users\motti\Creative Cloud Files
2024-07-02 09:52 - 2022-11-17 10:48 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-07-02 09:34 - 2020-05-11 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2024-07-01 22:55 - 2022-11-17 10:48 - 000003378 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-07-01 22:55 - 2022-10-12 09:59 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-07-01 13:34 - 2020-06-10 13:09 - 000000000 ____D C:\Program Files\Adobe
2024-07-01 13:33 - 2020-06-10 13:10 - 000000000 ____D C:\ProgramData\Adobe
2024-06-30 23:14 - 2020-06-09 19:27 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-29 10:23 - 2022-10-13 10:24 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-06-29 10:23 - 2022-10-13 10:24 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-06-27 08:22 - 2023-03-01 19:25 - 000001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2024-06-27 08:22 - 2020-06-10 13:09 - 000000000 ____D C:\Program Files (x86)\Adobe
2024-06-26 20:25 - 2020-06-09 19:58 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-26 17:49 - 2020-09-17 13:45 - 000000000 ____D C:\Users\motti\AppData\Roaming\vlc
2024-06-21 16:25 - 2023-05-17 10:01 - 000000000 ____D C:\Program Files (x86)\Razer
2024-06-21 05:13 - 2022-10-12 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-06-17 10:37 - 2023-10-08 10:40 - 000010720 _____ C:\Users\motti\OneDrive\Desktop\Front Garden.xlsx
 
==================== Files in the root of some directories ========
 
2023-09-22 09:19 - 2023-09-25 09:47 - 000001456 _____ () C:\Users\motti\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-08-04 16:31 - 2022-08-04 23:21 - 000000457 _____ () C:\Users\motti\AppData\Local\kdeglobals
2022-08-04 16:29 - 2022-08-04 16:29 - 000008337 _____ () C:\Users\motti\AppData\Local\kdenlive-layoutsrc
2022-08-04 16:29 - 2022-08-10 12:44 - 000005364 _____ () C:\Users\motti\AppData\Local\kdenliverc
2020-06-10 13:10 - 2020-06-10 13:10 - 000000410 _____ () C:\Users\motti\AppData\Local\oobelibMkey.log
2022-08-04 16:31 - 2022-08-04 16:31 - 000000856 _____ () C:\Users\motti\AppData\Local\recently-used.xbel
2020-06-30 10:05 - 2020-06-30 10:05 - 000007605 _____ () C:\Users\motti\AppData\Local\Resmon.ResmonCfg
2023-01-14 14:02 - 2024-07-15 19:50 - 2146345984 _____ () C:\Users\motti\AppData\Local\SageThumbs.db3
2022-08-04 16:29 - 2022-08-04 16:29 - 000006414 _____ () C:\Users\motti\AppData\Local\user-places.xbel
2022-08-04 16:29 - 2022-08-04 16:29 - 000005733 _____ () C:\Users\motti\AppData\Local\user-places.xbel.bak
2022-08-04 16:29 - 2022-08-04 16:29 - 000000000 _____ () C:\Users\motti\AppData\Local\user-places.xbel.tbcache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.07.2024
Ran by motti (15-07-2024 20:00:55)
Running from C:\Users\motti\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3880 (X64) (2022-10-12 08:59:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-633662038-590885182-3186226141-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-633662038-590885182-3186226141-503 - Limited - Disabled)
Guest (S-1-5-21-633662038-590885182-3186226141-501 - Limited - Disabled)
motti (S-1-5-21-633662038-590885182-3186226141-1003 - Administrator - Enabled) => C:\Users\motti
User (S-1-5-21-633662038-590885182-3186226141-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-633662038-590885182-3186226141-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Password (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\1Password) (Version: 8.10.36 - AgileBits Inc.)
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 24.002.20895 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.3.0.207 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.5.0.43 - Adobe Inc.)
Adobe Photoshop (Beta) (HKLM-x32\...\PHSPBETA_25_12) (Version: 25.12.0.2694 - Adobe Inc.)
Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_7_4) (Version: 24.7.4.1251 - Adobe Inc.)
Adobe Photoshop 2024 (HKLM-x32\...\PHSP_25_9_1) (Version: 25.9.1.626 - Adobe Inc.)
Adobe Premiere Rush (HKLM-x32\...\RUSH_2_10) (Version: 2.10 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Asana (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Asana) (Version: 1.5.1 - Asana, Inc.)
Audacity 3.5.1 (HKLM\...\Audacity_is1) (Version: 3.5.1 - Audacity Team)
BAND 1.10.5 (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\8eaa3f09-bcc8-5716-a0a9-0da1609a4d5b) (Version: 1.10.5 - BAND)
Bing Wallpaper (HKLM-x32\...\{980089C2-9D7D-4438-8DAF-C695E82DF18D}) (Version: 1.0.9.8 - Microsoft Corporation)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.20.101.1002 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\BlueStacks X) (Version: 10.10.6.1001 - now.gg, Inc.)
Bria (HKLM-x32\...\{0E0D7094-BA64-4B0A-A8ED-E19FB83EE0FF}) (Version: 64.10.6814 - CounterPath Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 6.25 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
Cisco Webex Meetings (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\ActiveTouchMeetingClient) (Version: 42.10.5 - Cisco Webex LLC)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 203.4.4857 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.911.1 - Dropbox, Inc.) Hidden
Git (HKLM\...\Git_is1) (Version: 2.45.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKLM-x32\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
GoToMeeting 10.20.19992 (HKLM-x32\...\{B3E0462A-A4C7-4489-B59A-21AC8EBD07D5}) (Version: 10.20.19992 - LogMeIn) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5540 series Basic Device Software (HKLM\...\{7F9C00D2-32F6-4844-AC17-290D5F06F186}) (Version: 40.11.1119.1786 - HP Inc.)
HP ENVY 5540 series Help (HKLM-x32\...\{3B1BE080-D477-4B94-AAE4-8B0BEC5D0CE3}) (Version: 35.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP One Agent (HKLM\...\{E3D1BCBD-5AC3-4D4A-B9BA-E7327F321336}) (Version: 1.1.0.55997 - HP Inc.) Hidden
HP One Agent (HKLM\...\{EC1ABEFA-64AF-46EC-B656-2BA6F30CB630}) (Version: 1.1.0.55997 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
ImagenAI 23.1.8-793 (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\3a7b72c3-feff-552b-ab36-a4bfabbea3cf) (Version: 23.1.8-793 - Imagen)
kdenlive (HKLM-x32\...\kdenlive) (Version: 22.04.3 - KDE e.V.)
LetsView V1.1.4.5 (HKLM-x32\...\{6AA74BE4-9506-4D81-A07C-A40F883C2EA7}_is1) (Version: 1.1.4.5 - LetsView LIMITED)
Loom 0.126.0 (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.126.0 - Loom, Inc.)
Malwarebytes version 5.1.6.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.6.117 - Malwarebytes)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.17726.20126 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\{51DBE763-E9CF-3A77-85F1-F674E025313E}) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-633662038-590885182-3186226141-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\OneDriveSetup.exe) (Version: 24.126.0623.0001 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Teams) (Version: 1.7.00.6058 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.14501 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Debug Runtime - 14.29.30139 (HKLM\...\{A6BCA173-4218-4099-B36C-E12B3EE27B5D}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Debug Runtime - 14.29.30139 (HKLM-x32\...\{3521C75E-6E25-47A6-9831-17EE6AAF01E2}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.5.2150.18781 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{6F35042F-F35C-4339-B757-1B9F13C502DA}) (Version: 3.5.2150.18781 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{F59F32AE-45B5-43EF-B96A-6BF21A97021A}) (Version: 3.5.2150.18781 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{FF820EDB-79A3-49B1-AFA0-7E2CD4090AA1}) (Version: 18.20.4 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.6.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Product Improvement Study for HP ENVY 5540 series (HKLM\...\{9E4F436B-5B50-4D84-954A-5C8A18CEB836}) (Version: 40.11.1119.1786 - HP Inc.)
Python 3.11.3 (64-bit) (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\{c6a7d2cb-61ea-4f5e-bc56-95faa938bacf}) (Version: 3.11.3150.0 - Python Software Foundation)
Python 3.11.3 Add to Path (64-bit) (HKLM\...\{9EB782CC-B2A5-4B67-BFEC-C91F5B755CAF}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Core Interpreter (64-bit) (HKLM\...\{611F1238-29A9-495F-B1F4-CFFCC98D9421}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Development Libraries (64-bit) (HKLM\...\{D307D056-AF62-4F53-810E-052AAAF0EFB2}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Documentation (64-bit) (HKLM\...\{25DC2A6F-FDC2-40D0-AA9D-3BF392BDF500}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Executables (64-bit) (HKLM\...\{A2BCB6C1-272D-437F-A5BC-92431FC521B4}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 pip Bootstrap (64-bit) (HKLM\...\{55BEEF7A-9288-497D-B5CE-960D2F3C70A3}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Standard Library (64-bit) (HKLM\...\{0D289858-69D1-4CB6-946E-659F028DDC27}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Tcl/Tk Support (64-bit) (HKLM\...\{C321A7FC-E479-4E2A-AA09-2698EFEA4CA3}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Test Suite (64-bit) (HKLM\...\{BA9ABB78-751C-4488-80A9-60E44290C060}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python 3.11.3 Utility Scripts (64-bit) (HKLM\...\{5BF6CA5B-E057-413A-B87A-CCD47600E465}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C41DB702-D72D-40F4-A2B3-5BAC2DCA2DF2}) (Version: 3.11.3150.0 - Python Software Foundation)
Reallusion Hub (HKLM-x32\...\{CFF2760B-B727-4717-8635-5D668A0C9C4F}) (Version: 5.0.1228.1 - Reallusion Inc. )
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
Screaming Frog SEO Spider (HKLM\...\Screaming Frog SEO Spider) (Version: 16.1 - Screaming Frog Ltd)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Stremio (HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\Stremio) (Version: 4.4.159 - Smart Code Ltd)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.9267 - Microsoft Corporation)
TunnelBear (HKLM-x32\...\{59023481-7539-4FCB-8FA3-FF3459026EF4}) (Version: 4.9.3.0 - TunnelBear) Hidden
TunnelBear (HKLM-x32\...\{a3009a1b-131b-45d6-be90-2fb6f2f2d6f3}) (Version: 4.9.3.0 - TunnelBear)
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
vcpp_crt.redist.clickonce (HKLM-x32\...\{09184AC0-ACEE-44D5-95F2-05EE6D27A5E8}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Visual Studio Build Tools 2019 (HKLM-x32\...\188f620a) (Version: 16.11.26 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
Webex (HKLM\...\{6B6748ED-A496-5575-87CD-113C4F3C0FC4}) (Version: 44.7.0.30141 - Cisco Systems, Inc)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
Zoom Workplace (64-bit) (HKLM\...\{C82F8B71-F488-43D0-8637-56A6E6C1D95B}) (Version: 6.1.41705 - Zoom)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-02-16] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC [2024-06-29] ()
Adobe Acrobat DC -> C:\Program Files (x86)\Adobe\Acrobat DC [2024-06-29] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc [2024-05-16] (Adobe Systems Incorporated)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.XD_57.1.12.2_x64__pc75e8sa7ep4e [2024-05-07] (Adobe Inc.)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-02] (AMZN Mobile LLC.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-14] (INTEL CORP) [Startup Task]
AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2023-10-14] (INTEL CORP)
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.5.189.0_x64__v10z8vjag6ke6 [2024-07-15] (HP Inc.)
CompuClever ITHMB Viewer -> C:\Program Files\WindowsApps\D5BE6627.CompuCleverITHMBViewer_2.5.18.0_x64__9pm2v9747qaaa [2022-03-23] (CompuClever Systems Inc.) [MS Ad]
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2024-07-11] (Dropbox Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-07-15] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.2.1075.0_x64__v10z8vjag6ke6 [2024-06-28] (HP Inc.)
Ink.Handwriting.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-GB.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-29] (Microsoft Corporation)
Ink.Handwriting.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-GB.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2023-11-29] (Microsoft Corporation)
Ink.Handwriting.Main.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-GB.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-29] (Microsoft Corporation)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-04-05] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-06] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.)
Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24165.1414.2987.41_x64__8wekyb3d8bbwe [2024-07-12] (Microsoft) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-06-01] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24061.40.0_x64__cw5n1h2txyewy [2024-07-03] (Microsoft Windows) [Startup Task]
Notepad++ -> C:\Program Files (x86)\Notepad++\contextMenu [2024-07-13] (Notepad++)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.3017.0_x64__8wekyb3d8bbwe [2024-07-09] (Microsoft Corporation) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-01-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.7.0.0_x86__fxme7667cy4q4 [2024-03-16] (Ricoh Company, Ltd.)
Speech Pack - English (United Kingdom) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-GB.1_1.0.7.0_x64__cw5n1h2txyewy [2024-05-25] (Microsoft Windows)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm [2024-06-21] (WhatsApp Inc.) [Startup Task]
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.)
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-04-25] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-13] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2024-07-13] (win.rar GmbH)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2021-06-03] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{04271989-C4D2-764C-C5A5-7D14797A435B} -> [Ambasco] => C:\Users\motti\Ambasco [2021-09-28 14:22]
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B0BAEC2A2C01} -> [Creative Cloud Files Personal Account [email protected] AD2250B64F47619B0A490D4D@AdobeID] => C:\Users\motti\Creative Cloud Files Personal Account [email protected] AD2250B64F47619B0A490D4D@AdobeID [2020-06-10 13:15]
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\motti\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.14501\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\GoToMeeting\19992\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\motti\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\motti\Dropbox [2024-04-08 13:01]
CustomCLSID: HKU\S-1-5-21-633662038-590885182-3186226141-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [SageThumbs] -> {4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll [2017-05-09] (CherubicSoft) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-04] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-16] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-04] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\motti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\quollify.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2020-06-09 19:30 - 2020-06-09 19:30 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll
2020-06-09 19:30 - 2020-06-09 19:30 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2023-01-31 19:37 - 2020-01-07 16:02 - 004679168 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5Core.dll
2023-01-31 19:37 - 2020-01-07 16:02 - 000855040 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5Network.dll
2023-01-31 19:37 - 2017-03-01 17:07 - 000109056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5WebSockets.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-30] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\sharepoint.com -> hxxps://ambasco-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-19 05:49 - 2024-07-13 13:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python311\Scripts\;C:\Python311\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\HP\HP One Agent;C:\Program Files\Git\cmd;C:\Program Files\nodejs\
HKU\S-1-5-21-633662038-590885182-3186226141-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-633662038-590885182-3186226141-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\motti\Pictures\Bellagio.jpg
DNS Servers: 192.168.4.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "StartRLCMS.lnk"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "HPOneAgentService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\StartupFolder: => "Reallusion Hub.lnk"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_8D4CC1622ACB2D8CF3B8EA616AD9F228"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "electron.app.Loom"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_2F00D187B1D9FA874EA7F713C90970C2"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "CiscoSpark"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "1Password"
HKU\S-1-5-21-633662038-590885182-3186226141-1003\...\StartupApproved\Run: => "electron.app.BlueStacks Services"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{66E5BBAA-5198-4650-BA95-62F577653327}] => (Block) C:\program files\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [{7F68E880-03DC-4429-8ABB-98B20E6032DC}] => (Block) C:\program files\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [UDP Query User{F56B8784-0E9B-4209-92B2-D9514C922E4D}C:\program files\kdenlive\bin\kdenlive.exe] => (Allow) C:\program files\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [TCP Query User{C2E6F02A-6A18-42DD-8907-E37EA125AA5A}C:\program files\kdenlive\bin\kdenlive.exe] => (Allow) C:\program files\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [{C3869BCB-30CC-4A4B-9193-2FB6FE377859}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{C3C5CA25-316E-4EB8-828B-4171E4C2D155}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{9124303A-8BA8-43A4-95CC-766879687697}] => (Allow) C:\Program Files (x86)\LetsView\LetsView\LetsView.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{756B2B11-02E3-4672-AC6F-BAF92EEC327C}] => (Allow) C:\Program Files (x86)\LetsView\LetsView\LetsView.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{50AE3F2E-E941-4918-923D-73D499532092}] => (Block) C:\program files (x86)\letsview\letsview\wxmcast.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{83ACF477-AB37-4B29-864B-9002E5D75F66}] => (Block) C:\program files (x86)\letsview\letsview\wxmcast.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [UDP Query User{A504A0B4-ED46-458C-A1E4-E19B3D0DC459}C:\program files (x86)\letsview\letsview\wxmcast.exe] => (Allow) C:\program files (x86)\letsview\letsview\wxmcast.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [TCP Query User{4150F610-C412-41BF-8D8E-43B5A96C4B6F}C:\program files (x86)\letsview\letsview\wxmcast.exe] => (Allow) C:\program files (x86)\letsview\letsview\wxmcast.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{7CFF43A8-A635-446C-867B-731C4311BA9D}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7D586AAC-D8D8-4D03-B34A-A2D222A5544E}] => (Allow) LPort=5357
FirewallRules: [{8FB4DE8F-2BA5-4A44-B5BF-BC5D6BCAC903}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{E15BEF90-AD3C-45BF-BD41-8EEB4EFC36B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [UDP Query User{39B01A95-94B2-4018-A1D2-6D4F98475FCA}C:\users\motti\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\motti\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8E13D9D6-9AE4-43E1-9908-AD89D13A946C}C:\users\motti\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\motti\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F5A3B283-DB63-4EEE-83EC-F281E63AE858}C:\program files (x86)\counterpath\bria\bria.exe] => (Allow) C:\program files (x86)\counterpath\bria\bria.exe (CounterPath Corporation -> CounterPath)
FirewallRules: [UDP Query User{DD7B16D4-B389-43D2-9860-0BA08838524E}C:\program files (x86)\counterpath\bria\bria.exe] => (Allow) C:\program files (x86)\counterpath\bria\bria.exe (CounterPath Corporation -> CounterPath)
FirewallRules: [TCP Query User{69FC49B9-2E76-4A6F-A45A-8558A93CCF39}C:\users\motti\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\motti\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{7C04E234-B699-4AC8-AB87-066BE2927BC4}C:\users\motti\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\motti\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{61602F3C-C409-4B95-97FA-A9D8007F8C6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{72C14F2A-3219-46F7-B2FB-7A08F0393A47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F0D9CE8C-6621-4829-B109-E2E90632DEF0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F0BAB3A6-6438-4192-8586-2D74C9404B58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [TCP Query User{D0A4D96C-4DDC-40D3-BD55-120F0F48CBA0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{79D53B96-E8A5-4C7C-A1C6-BE390520B152}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C074D1E3-AEFC-42C6-884A-AE470E69AAEB}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.)
FirewallRules: [UDP Query User{D7F562D8-6CA0-43A1-9F52-DC15C67D6268}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.)
FirewallRules: [TCP Query User{481F3F9A-2E67-4EDD-9E4E-7F36F44A61FA}C:\users\motti\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\motti\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [UDP Query User{DBC3CE11-01EF-49D1-8C0B-7EAA8CC69B4B}C:\users\motti\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\motti\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [TCP Query User{2278F4BF-0FD5-4923-A6FE-3192D5B6EF46}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [UDP Query User{4F0BC7EE-3CA3-4BE7-884C-059A86B1B1BD}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [{14FAB61F-9469-4B38-99CC-9991CEE04D11}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70450321-E184-4862-BD34-DBDDE8BF0D72}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC663A6D-D1CD-4CDE-B008-3A27BB3FFBC2}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{49ABDA69-A37C-4D36-A75E-E6C51898B96C}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{F529AEEB-4F70-477D-BF3B-ADD9F1B3E92A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A2ED3F9-B081-4842-B977-36D68958FCF7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0208EA22-A995-48BE-8EDE-74B0EE75EC0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A6E04751-B18A-429B-BF6C-5CB881574875}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{EBE0AE2A-8090-4B77-8D96-C63EC482F7E5}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{DA9B6847-5900-451D-AB1C-3C59A4B6313E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AAC10BD7-914F-43D4-BF5B-005E6CCBC02A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6ED60168-E845-48A2-8D89-C300A588AFDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12A9A781-C64B-4846-93CE-E12057778A21}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06AB65AF-8694-435A-9B87-1F8EAAF2DCDC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFB4F45A-2EEF-47A4-9C2C-EFD37F72DD74}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{5B99A63C-9508-453D-B4B7-1F914EB41E9B}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [{CF58D22E-704C-435D-B7DF-455AB0693F9D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F2D0C9A8-08CB-4731-B0D2-3A8A685F3E99}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{5DD70CD1-CA3C-480D-A238-A10F25D8AE6D}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24165.1414.2987.41_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{104F91A7-CCAA-45CF-AD58-9C13081ECDDA}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24165.1414.2987.41_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17DB1663-7812-40D6-A540-92032F509CC2}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
FirewallRules: [{531AAC30-584F-455D-81D4-C3E564F7F918}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24165.1306.2986.9504_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A13F6256-4239-445C-896A-98C329FA742D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24165.1306.2986.9504_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78C13C46-2F9B-489B-9511-AB563B75A837}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4E0ABE72-33BA-440A-AEFF-5F10D0DC2D70}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5D979BD4-02D6-4F7A-BCBD-234518D5E73D}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A4699997-A3F5-415C-9D65-367EF1169953}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.102\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
13-07-2024 13:05:51 Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810
13-07-2024 13:15:46 Piriform Driver Updater Restore Point
13-07-2024 13:48:01 Removed Bonjour
15-07-2024 12:11:32 AdwCleaner_BeforeCleaning_15/07/2024_12:11:30
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/15/2024 06:15:29 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program chrome.exe version 126.0.6478.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/15/2024 06:01:35 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program chrome.exe version 126.0.6478.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/15/2024 05:48:57 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program chrome.exe version 126.0.6478.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/15/2024 05:31:21 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program chrome.exe version 126.0.6478.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/15/2024 05:30:21 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program chrome.exe version 126.0.6478.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/15/2024 12:12:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (07/15/2024 12:12:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (07/15/2024 12:12:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
 
System errors:
=============
Error: (07/15/2024 05:25:44 PM) (Source: DCOM) (EventID: 10010) (User: DARRELL-HP-SPEC)
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.
 
Error: (07/15/2024 12:13:30 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (10:3f:44:6f:28:15) failed.
 
Error: (07/15/2024 12:12:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HP Insights Analytics service depends on the User Profile Service service which failed to start because of the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/15/2024 12:12:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The User Profile Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/15/2024 12:11:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/15/2024 12:11:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Graphics Command Center Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (07/15/2024 12:11:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Print Scan Doctor Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/15/2024 12:11:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Insights Analytics service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2024-07-15 03:04:14
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-12 10:21:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-11 03:06:34
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-10 10:03:19
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-09 03:00:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-05-21 21:45:30
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-05-13 07:41:01
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-05-04 17:18:09
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-04-27 18:37:15
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-04-20 21:57:00
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
CodeIntegrity:
===============
Date: 2024-07-15 12:12:50
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\detectionverificationdrv.inf_amd64_3246b80d2e1b5e83\IntelSSTPreprocStreamer.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
 
Date: 2024-07-15 11:45:44
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.28 03/04/2021
Motherboard: HP 86FA
Processor: Intel® Core™ i7-1065G7 CPU @ 1.30GHz
Percentage of memory in use: 52%
Total physical RAM: 16061.82 MB
Available physical RAM: 7689.87 MB
Total Virtual: 34493.82 MB
Available Virtual: 20582.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:707.81 GB) (Free:476.6 GB) (Model: INTEL HBRPEKNX0203AH) (Protected) NTFS
Drive e: (Work) (Fixed) (Total:244.14 GB) (Free:207.28 GB) (Model: INTEL HBRPEKNX0203AH) (Protected) NTFS
 
\\?\Volume{9de0abb6-f367-486b-acf9-9b1003770441}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{9dc73b09-85e2-44a2-b023-f57d32322744}\ () (Fixed) (Total:1.28 GB) (Free:0.06 GB) NTFS
\\?\Volume{9a4c0156-4bb5-4afb-979e-c62e80564463}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 1C25566E)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

#14
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Hi, dpwm.
 
Please do the following:

 
FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {CF127EFA-2905-4E05-98AE-332725BFB03B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {FCCC0CB9-1325-4F5E-8AAA-C7C314E64B08} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe  Display (No File)
Task: {47C1635D-5418-4605-AAC8-9D8B72A239D9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {DEFC4DB6-85D3-45BC-A899-374F19E8FFD2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {D5DD3F8C-E639-4FE8-8C58-5AD1C5F9282B} - System32\Tasks\Opera scheduled Autoupdate 1614264411 => c:\users\motti\appdata\local\programs\opera\autoupdate\opera_autoupdate.exe  --scheduledtask --bypasslauncher $(Arg0) (No File)
Edge Notifications: Default -> hxxps://b.oataltaul.com; hxxps://calendar.google.com; hxxps://teams.microsoft.com; hxxps://web.whatsapp.com; hxxps://www.justarsenal.com; hxxps://www.youtube.com
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2024-06-27 15:27 - 2024-06-27 15:27 - 000000000 ____D C:\Users\motti\Downloads\asw
FirewallRules: [{E15BEF90-AD3C-45BF-BD41-8EEB4EFC36B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{61602F3C-C409-4B95-97FA-A9D8007F8C6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{72C14F2A-3219-46F7-B2FB-7A08F0393A47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F0D9CE8C-6621-4829-B109-E2E90632DEF0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F0BAB3A6-6438-4192-8586-2D74C9404B58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply, please post:

  1. The fixlog.txt
  2. Feedback: How is the computer running now?

#15
dpwm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by motti (16-07-2024 14:02:01) Run:1
Running from C:\Users\motti\OneDrive\Desktop
Loaded Profiles: User & motti
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {CF127EFA-2905-4E05-98AE-332725BFB03B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {FCCC0CB9-1325-4F5E-8AAA-C7C314E64B08} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe  Display (No File)
Task: {47C1635D-5418-4605-AAC8-9D8B72A239D9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {DEFC4DB6-85D3-45BC-A899-374F19E8FFD2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {D5DD3F8C-E639-4FE8-8C58-5AD1C5F9282B} - System32\Tasks\Opera scheduled Autoupdate 1614264411 => c:\users\motti\appdata\local\programs\opera\autoupdate\opera_autoupdate.exe  --scheduledtask --bypasslauncher $(Arg0) (No File)
Edge Notifications: Default -> hxxps://b.oataltaul.com; hxxps://calendar.google.com; hxxps://teams.microsoft.com; hxxps://web.whatsapp.com; hxxps://www.justarsenal.com; hxxps://www.youtube.com
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2024-06-27 15:27 - 2024-06-27 15:27 - 000000000 ____D C:\Users\motti\Downloads\asw
FirewallRules: [{E15BEF90-AD3C-45BF-BD41-8EEB4EFC36B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{61602F3C-C409-4B95-97FA-A9D8007F8C6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{72C14F2A-3219-46F7-B2FB-7A08F0393A47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F0D9CE8C-6621-4829-B109-E2E90632DEF0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F0BAB3A6-6438-4192-8586-2D74C9404B58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF127EFA-2905-4E05-98AE-332725BFB03B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF127EFA-2905-4E05-98AE-332725BFB03B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCCC0CB9-1325-4F5E-8AAA-C7C314E64B08}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCCC0CB9-1325-4F5E-8AAA-C7C314E64B08}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47C1635D-5418-4605-AAC8-9D8B72A239D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47C1635D-5418-4605-AAC8-9D8B72A239D9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEFC4DB6-85D3-45BC-A899-374F19E8FFD2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEFC4DB6-85D3-45BC-A899-374F19E8FFD2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5DD3F8C-E639-4FE8-8C58-5AD1C5F9282B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5DD3F8C-E639-4FE8-8C58-5AD1C5F9282B}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1614264411 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1614264411" => removed successfully
"Edge Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
 
"C:\Users\motti\Downloads\asw" Folder move:
 
C:\Users\motti\Downloads\asw => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E15BEF90-AD3C-45BF-BD41-8EEB4EFC36B2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61602F3C-C409-4B95-97FA-A9D8007F8C6A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72C14F2A-3219-46F7-B2FB-7A08F0393A47}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0D9CE8C-6621-4829-B109-E2E90632DEF0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0BAB3A6-6438-4192-8586-2D74C9404B58}" => removed successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3880
 
 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 129663449 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 45848 B
Windows/system/drivers => 29389663 B
Edge => 0 B
Chrome => 873501935 B
Firefox => 20131463 B
Opera => 5790546 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 559 B
LocalService => 559 B
NetworkService => 4069 B
User => 25115 B
motti => 424921513 B
defaultuser100000.DARRELL-HP-SPEC => 425216207 B
 
RecycleBin => 8791352 B
EmptyTemp: => 1.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:08:49 ====
 
 
 
Laptop seems to be running well so far..
