Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old July 31st, 2023, 11:43 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
Unhappy I think I may have malware on my computer

Thank you for reading this post. Several weeks ago I began having a problem with Chrome which I normally use. When I would sign in, it was very slow, so I deleted it and then reinstalled it. Then when I would sign in i would get a small pop up screen saying that there was an Enhanced ad privacy in Chrome

I would click "got it" and it would go away and allow me to use chrome. It really became annoying and I have tried many times to remove it and reinstall it. Now I don't have it installed. The last time I downloaded it, it wouldn't work, saying I wasn't connected to the internet but of course I am and could use firefox or opera. I ran cc cleaner and I thought I cleaned up everything. So I checked on line and one suggestion was to flush my dna. I am not able to do that and I'm not sure why. It says flushdna is not recognized as an internal or external command, operable program or bath file. Any help would be greatly appreciated. Thank you so much. Gae

Last edited by gaesilva; July 31st, 2023 at 11:47 PM. Reason: got the actual name of the issue in chrome
Reply With Quote
  #2  
Old August 1st, 2023, 07:42 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello Gae,

Not reading much malware in this. As an aside:

Click the Start button. ...
Click All Programs > Accessories.
Select Command Prompt.
In the command prompt window, type ipconfig /flushdns.
Press Enter.
You should see a message confirming that the DNS Resolver Cache was successfully flushed.
Reply With Quote
  #3  
Old August 3rd, 2023, 12:17 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
Thank you I was able to flushdns. However I still have a problem getting into Chrome. I deleted Chrome because I am getting so many problems with it. I try to get to chrome through firefox and get the same result.
The ighome page appears in the back and on top of it I get this:
Enhanced ad privacy in Chrome
We’re launching new privacy features that give you more choice over the ads you see.
Chrome notes topics of interest based on your recent browsing history. Also, sites you visit can determine what you like. Later, sites can ask for this information to show you personalized ads. You can choose which topics and sites are used to show you ads.
To measure the performance of an ad, limited types of data are shared between sites, such as the time of day an ad was shown to you.
More about ads in Chrome
You can make changes in Chrome settings


At the bottom of the second screen it says in a box "Got It" or "Settings".....Settings only allows me to change the colors. If I click Got it, the Enhanced Screen goes away but when i try to use Google search, it just keeps spinning and nothing comes up. Any help would be appreciated.

This has been going on for quite a while, I even restore to a previous version and have the same problem. Thank you for you help.
Reply With Quote
  #4  
Old August 5th, 2023, 05:49 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Still not reading malware in this. Let's clear out Chrome. Make sure Chrome is uninstalled.
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Reply With Quote
  #5  
Old August 5th, 2023, 11:26 PM
MishY's Avatar
MishY MishY is offline
Cyber Tech Help Administrator
 
Join Date: Sep 2000
O/S: Linux
Location: England
Age: 46
Posts: 9,299
Is this what you see? https://www.androidpolice.com/topics...-beta-rollout/
Reply With Quote
  #6  
Old August 7th, 2023, 04:53 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2023
Ran by gaele (07-08-2023 11:36:39)
Running from C:\Users\gaele.000\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2023-06-18 04:01:21)
Boot Mode: Normal
================================================== ========


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3036132105-1439115854-3050649200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3036132105-1439115854-3050649200-503 - Limited - Disabled)
gaele (S-1-5-21-3036132105-1439115854-3050649200-1000 - Administrator - Enabled) => C:\Users\gaele.000
Guest (S-1-5-21-3036132105-1439115854-3050649200-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3036132105-1439115854-3050649200-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform)
cnn (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\90da1836a8ef40533bf48bf9527efc67) (Version: 1.0 - Google\Chrome)
Dell Digital Delivery (HKLM-x32\...\{7B2D0B6F-F02D-4363-ACDF-00DE6247ACBC}) (Version: 3.5.2015.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{0ACC4393-7CDB-4512-800B-0404A9DF75E6}) (Version: 5.5.6.18729 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3238f3fe-4c2d-4438-8bfd-e6bb87adb36e}) (Version: 5.5.6.18729 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{74DF895B-001F-456C-BEA4-9254A3FCC5E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.171 - Google LLC)
Google News (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\a0f47c7035a67f4ca3363535fdf90fb6) (Version: 1.0 - Google\Chrome)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Icls (HKLM\...\{8761CF94-4FD5-47A0-9F7F-5F9B23371AB4}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2218.2.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{72F03A9B-21C6-4599-95FC-FFB4D9B7F50C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{B9C358AF-2012-4BD3-A476-CAFB5761B5BC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{96EC8F94-3894-4F08-8FEF-227E9F790FFC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.16626.20134 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\OneDriveSetup.exe) (Version: 23.147.0716.0001 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\d962ca0c921f22d9) (Version: 17.1.268.13 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 116.0.1 (x64 en-US)) (Version: 116.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (HKLM-x32\...\{99432E4C-1189-4887-9D75-DAA796015FFD}) (Version: 5.1.31.16 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.22270 - Microsoft Corporation) Hidden
Opera Stable 100.0.4815.76 (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Opera 100.0.4815.76) (Version: 100.0.4815.76 - Opera Software)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9400.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
SupportAssist Recovery Assistant (HKLM\...\{0A51D0FA-351E-48E2-98E3-EE1B2B7F5409}) (Version: 5.5.6.18729 - Dell Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wondershare PDFelement ( Version 9.5.10 ) (HKLM\...\{BC2AC233-DEF1-4D05-B6B8-6B46AA69E885}_is1) (Version: 9.5.10 - Wondershare)
Wondershare TunesGo ( Version 9.6.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\ZoomUMX) (Version: 5.15.2 (18096) - Zoom Video Communications, Inc.)

Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1. 61781.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_ 3.14.4.0_x64__htrsf667h5kn2 [2023-07-31] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86_ _htrsf667h5kn2 [2023-07-31] (Dell Inc)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_6.19.1.0 _x64__kgqvnymyfvs32 [2023-07-31] (king.com)
Find Duplicate Files -> C:\Program Files\WindowsApps\28686TrentTaylor.FindDuplicateFi les_0.0.0.0_x64__jcszgpz62jaz4 [2023-07-31] (Trent Taylor) [MS Ad]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1. 100.5131.0_x64__8j3eq9eme6ctt [2023-07-31] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorag eManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-31] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x86__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.53 1.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1. 0.50901.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.2 3.19.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.54.0_x64__ sbe4t8mqwq93a [2023-07-31] (NG PDF Lab) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_ 1.0.0.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireColl ection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Studios) [MS Ad]
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell20 19_2.0.54.0_x64__fh4rh281wavaa [2023-07-31] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\ias torpinningcomponent.inf_amd64_357b728ba88fb99a\Opt aneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers1: [PDFelement.ContextMenu] -> {ea6c980d-7823-3752-88ac-d43b3a873d20} => C:\Program Files\Common Files\Wondershare\PDFelement9\Shell Extensions\PEShellContextMenu4.exe [2023-06-09] (Wondershare Technology Group Co.,Ltd -> Wondershare)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-18] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\ias torpinningcomponent.inf_amd64_357b728ba88fb99a\Opt aneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-18] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\gaele.000\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\you tube music - Search.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=camhhmceiekkpjglehlcmcmaeabmidjn --app-url=hxxps://www.bing.com/search?q=you+tube+music&form=ANSPH1&refig=21b77070 ae5945899c53559d32ef0583&pc=U531 --app-launch-source=4

==================== Loaded Modules (Whitelisted) =============

2013-02-23 04:12 - 2013-02-23 04:12 - 000126976 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\CynergySystems.Commons.dll
2013-02-04 15:02 - 2013-02-04 15:02 - 000020992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\LinFu.DynamicProxy.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000031744 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Retlang.dll
2013-02-04 15:02 - 2013-02-04 15:02 - 000245760 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\StructureMap.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 001784832 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.Input.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 002735104 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.Navigatio n.dll
2023-06-18 11:34 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2023-06-18 11:34 - 2005-04-22 00:36 - 000143360 ____R () [File not signed] C:\Windows\system32\BrSNMP64.dll
2023-06-18 09:35 - 2013-02-04 13:00 - 000054784 _____ () [File not signed] C:\Windows\System32\sdtnpm.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000032768 _____ (broloco) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.LambdaExtensions.dll
2023-06-18 11:34 - 2012-07-13 13:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2023-06-18 11:34 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2023-06-18 11:34 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2023-06-18 11:34 - 2012-11-29 19:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2023-06-18 11:30 - 2013-01-30 15:17 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2023-06-18 11:30 - 2012-12-21 12:31 - 000078848 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2023-06-18 11:30 - 2012-12-21 12:31 - 017666560 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2023-06-18 11:30 - 2013-01-18 14:31 - 000074240 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2023-06-18 11:34 - 2012-10-19 08:02 - 000087040 ____R (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000237568 _____ (Eric Woodruff) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\EWSoftware.PDI.Data.dll
2023-06-26 06:19 - 2023-06-26 06:19 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2023-06-26 06:19 - 2023-06-26 06:19 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000148480 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Microsoft.Windows.Shell.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000050688 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\ShaderEffectLibrary.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000215040 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.OpenXmlRendering .dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000036864 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.XpsRendering.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000057344 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\TreeListView.dll
2013-02-04 15:02 - 2013-02-04 15:02 - 001761280 _____ (Neat) [File not signed] C:\Program Files (x86)\Neat\exec\sdk3\Neat.V3.Common.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000349184 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Newtonsoft.Json.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000032768 _____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Iesi.Collections.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000007168 _____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.ByteCode.LinFu.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 002117632 _____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 003219968 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000237056 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.ReportViewer.Wpf.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 002955264 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000270336 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\log4net.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000319488 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Lucene.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000012944 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Classification.AutoDo cument.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000036496 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Configuration.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000267920 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.DocumentEngines.Recei pt.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000046224 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Imaging.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000084112 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.nCapture.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000019600 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.OCR.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000038032 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.AutoDocument.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000201872 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.AutoDocument.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000628368 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Common.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000014480 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Configuration.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000461968 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.DocumentAnalysis.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000061584 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Imaging.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000720016 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Imaging.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000163984 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.nCapture.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000351888 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.nCapture.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000020112 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.OCR.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000097936 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.OCR.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000025744 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Receipt.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000498320 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Receipt.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 000090112 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.Common.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 006723072 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000029696 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Interop.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 000038400 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Logging.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 000122368 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Models.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000011776 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.PdfExtraction.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 001277952 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatReceipts.Components.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 002075648 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatWorks.CE.Database.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 000042496 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatWorks.Components.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000032768 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\ImageFileInputAd apter\NeatCompany.QuickScan.Inputs.ImageFileInputA dapter.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000122368 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\nCaptureInputAda pter\NeatCompany.QuickScan.Inputs.nCaptureInputAda pter.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000033792 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\PdfFileInputAdap ter\NeatCompany.QuickScan.Inputs.PdfFileInputAdapt er.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000018944 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\PrinterInputAdap ter\NeatCompany.NeatWorks.PrinterInputAdapter.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000139776 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\NeatCompany.QuickScan.Core.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000034304 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\NeatCompany.QuickScan.Interfac es.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000033792 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\ImageFileOutput Adapter\NeatCompany.QuickScan.Outputs.ImageFileOut putAdapter.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000074240 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\NeatOutputAdapt er\NeatCompany.QuickScan.Outputs.NeatOutputAdapter .dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000034816 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\PdfFileOutputAd apter\NeatCompany.QuickScan.Outputs.PdfFileOutputA dapter.dll
2013-02-04 15:02 - 2013-02-04 15:02 - 000022528 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\sdk3\Neat.SDK.V3.Configuration.Net .dll
2013-02-04 15:02 - 2013-02-04 15:02 - 000038400 _____ (The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\sdk3\Neat.V3.Configuration.C.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000102400 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Compression.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000122880 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.FileSystem.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000167936 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Wpf.Controls.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 003133440 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Wpf.DataGrid.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000196608 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\gaele.000\Downloads\iTunes64Setup.exe:MBA M.Zone.Identifier [231]
AlternateDataStreams: C:\Users\gaele.000\Downloads\tunesgo_setup_full271 0.exe:MBAM.Zone.Identifier [100]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele.000\AppData\Local\Microsoft\Windows \Themes\RoamedThemeFiles\DesktopBackground\venice 6.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Host => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\StartupApproved\StartupFolder: => "OneLaunch.lnk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2AF92735-E52F-4235-9913-E08836D3FF56}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{55FDDF1A-F12D-4878-82DE-4AB319A7F034}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A454FC25-CE19-4694-897B-1801072D6BA9}] => (Allow) D:\AUTORUN.EXE => No File
FirewallRules: [{4389B8DD-720B-4E23-811B-798229D12A58}] => (Allow) D:\AUTORUN.EXE => No File
FirewallRules: [{D886C8C5-B744-407D-87CC-584E96F5B010}] => (Allow) D:\AUTORUN.EXE => No File
FirewallRules: [{1E3D2CB2-01F2-490F-A1B5-6CB666AABE1C}] => (Allow) D:\AUTORUN.EXE => No File
FirewallRules: [{8809C457-E45C-4D6A-B383-BF8D38400247}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{FDBA6ECB-F610-48B1-9BFA-90BACB968066}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{8438EDCD-56B8-4F9A-8EAE-0E2BA1375187}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{E5A5ED5A-2740-4BF3-B955-A8C739BB9659}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{AAD2956C-1729-472F-9448-00ED8E39941C}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{EA6B6508-1D7C-46B0-B095-42448D084FE7}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{25280E73-70BA-47BC-BA79-782371C3803F}] => (Allow) C:\Users\gaele.000\AppData\Roaming\Zoom\bin\Zoom.e xe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{13D17F2B-328C-4B26-990A-83F04653823D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C82BEFDC-D688-4604-8AD1-5573C355D81E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{91D0B12C-65CC-4E0B-8524-831A722CE131}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A96DA85B-0FC1-40FE-8702-72D3661DDA8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6D2299D1-A56B-479D-91DE-05629309F22D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2F34186-5AFB-4C2A-87A1-DBAAD106C052}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B20CD597-E92A-42E9-B7F1-EB8C6A4209A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{11222815-A0C1-4ECF-81D8-C5DBF3D792BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8CA33CEE-E480-4A86-AD6B-1072592E4957}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C7B883F6-37E3-405A-97E2-47994D3D359E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FD149D9B-6E79-40C7-9243-AF384C86253F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EC98D8E-C2B9-4A9B-88BA-EB9D0A061564}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{81F6D74F-DF02-466B-BCFB-00A2FFCF445E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7AEE4769-6126-433C-BC2D-67C1E9C4DEE9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901 .188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DA677347-AE07-402F-BB9C-94429F3BF281}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

19-07-2023 22:03:59 July 19 2023 after resetting a few week s ago.
27-07-2023 04:11:02 Scheduled Checkpoint
31-07-2023 13:54:59 Restore Operation

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-KJSDKU5.local already in use; will try DESKTOP-KJSDKU5-2.local instead

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-KJSDKU5.local. Addr 192.168.0.15

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA FE80:0000:0000:0000:5976:FB70:E481:2085

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:84B4:5076:A62C:8714

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:2CB7:A727BFB:58B3


System errors:
=============
Error: (08/03/2023 08:07:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (08/02/2023 04:08:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {348f0158-26b9-484f-86ee-822da5ef551e}, had event 74

Error: (07/31/2023 02:42:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (07/31/2023 12:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/29/2023 12:27:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/27/2023 01:33:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/25/2023 04:04:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/23/2023 06:07:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.


Windows Defender:
================
Date: 2023-08-06 18:38:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-05 19:14:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-03 19:04:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-07-30 19:56:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-07-29 19:56:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-07-31 14:07:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0

Date: 2023-06-25 15:32:22
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.1857.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2023-06-25 15:32:22
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.391.2598.0
Previous security intelligence Version: 1.391.1857.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23050.3
Previous Engine Version: 1.1.23050.3
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2023-06-25 15:32:22
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.391.2598.0
Previous security intelligence Version: 1.391.1857.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.23050.3
Previous Engine Version: 1.1.23050.3
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2023-08-07 11:29:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2023-08-07 11:24:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-08-07 11:18:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.20.0 03/08/2023
Motherboard: Dell Inc. 0FK9H3
Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
Percentage of memory in use: 43%
Total physical RAM: 16215.92 MB
Available physical RAM: 9204.88 MB
Total Virtual: 18647.92 MB
Available Virtual: 10048.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.1 GB) (Free:266.34 GB) (Model: KBG40ZNS512G NVMe KIOXIA 512GB) (Protected) NTFS

\\?\Volume{c7235e5c-943b-4583-8a2a-bf8050d16ac4}\ (WINRETOOLS) (Fixed) (Total:1.2 GB) (Free:0.2 GB) NTFS
\\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:5.98 GB) NTFS
\\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.51 GB) NTFS
\\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

================================================== ========
Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D)

Partition: GPT.

==================== End of Addition.txt ===========
Reply With Quote
  #7  
Old August 7th, 2023, 04:55 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
The Frst Tax is too large to send. I've tried to send part of it but it always says no more than 50000 and my file is too big.
Reply With Quote
  #8  
Old August 8th, 2023, 06:36 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
Please disregard message 6 & 7. I still had chrome when I ran those. I have now deleted chrome and will try this again. Thank you.
Reply With Quote
  #9  
Old August 8th, 2023, 06:38 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
First TXT:

FC:\Users\gaele.000\AppData\Local\Google\Chrome\Us er Data\Default\Extensions\noondiphcddnnabmjcihcjfbhf klnnep [2023-06-24]
CHR Extension: (Switch to Classic design on Facebook™) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\oancckmjgaoejmbedngcoiakbl hacbog [2023-06-18]
CHR Extension: (RocketReach Chrome Extension) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\oiecklaabeielolbliiddlbokp fnmhba [2023-06-24]
CHR Extension: (Privacy Test) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\pdabfienifkbhoihedcgeogidf mibmhp [2023-06-24]
CHR Extension: (Click to start / stop recording) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpi celgko [2023-07-25]
CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Guest Profile [2023-08-08]
CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\System Profile [2023-08-08]

Opera:
=======
OPR Profile: C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable [2023-08-08]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera &ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-09]
OPR Extension: (Opera Wallet) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-02]
OPR Extension: (Aria) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-07-31]
OPR Extension: (opera-intro) - C:\Users\gaele.000\AppData\Local\Programs\Opera\10 0.0.4815.76\resources\opera_intro_extension [2023-07-26]
StartMenuInternet: (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000) OperaStable - "C:\Users\gaele.000\AppData\Local\Programs\Opera\L auncher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRe medationService.exe [22224 2023-04-11] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-05-08] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\int coed.inf_amd64_5a9d4e2af428d38d\\AS\\IAS\\IntelAud ioService.exe [412160 ] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-01] (Malwarebytes Inc. -> Malwarebytes)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 SupportAssistAgent; c:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [48464 2023-04-11] (Dell Inc. -> Dell Inc.)
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sy s [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl7577421d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D7AE43D-4B92-438D-BE7B-DA9702EC047B}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2023-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2023-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-24] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-08 13:15 - 2023-08-08 13:15 - 002384896 _____ (Farbar) C:\Users\gaele.000\Downloads\FRST64.exe
2023-08-08 13:08 - 2023-08-08 13:08 - 000002084 _____ C:\Users\gaele.000\Documents\cc_20230808_130852.re g
2023-08-08 01:29 - 2023-08-08 08:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-07 11:34 - 2023-08-08 13:16 - 000041056 _____ C:\Users\gaele.000\Desktop\FRST.txt
2023-08-07 11:33 - 2023-08-08 13:16 - 000000000 ____D C:\FRST
2023-08-06 15:10 - 2023-08-06 15:10 - 002384896 _____ (Farbar) C:\Users\gaele.000\Desktop\FRST64.exe
2023-08-04 04:19 - 2023-08-04 04:19 - 000000000 ____D C:\Windows\Firmware
2023-08-02 14:51 - 2023-08-02 14:51 - 000000000 _____ C:\Users\gaele.000\FLUSHDNA
2023-07-31 18:41 - 2023-07-31 18:41 - 000000000 _____ C:\Users\gaele.000\flushdna'
2023-07-31 16:39 - 2023-07-31 16:39 - 000000000 ____D C:\Users\gaele.000\AppData\Local\ToastNotification ManagerCompat
2023-07-31 16:38 - 2023-07-31 16:38 - 003145080 ____N (OneLaunch ) C:\Users\gaele.000\Downloads\OneLaunch - Manuals_ln2to.exe
2023-07-31 16:33 - 2023-07-31 16:33 - 000393875 _____ C:\Users\gaele.000\Downloads\Oregon Scientific Clock RM308PA User Guide ManualsOnline.com.htm
2023-07-31 16:33 - 2023-07-31 16:33 - 000000000 ____D C:\Users\gaele.000\Downloads\Oregon Scientific Clock RM308PA User Guide ManualsOnline.com_files
2023-07-31 16:31 - 2023-07-31 16:31 - 001084872 _____ () C:\Users\gaele.000\Downloads\mypdfmanager.exe
2023-07-31 15:20 - 2023-07-31 15:20 - 000000306 _____ C:\Users\gaele.000\Downloads\Untitled attachment 00005.htm
2023-07-31 15:20 - 2023-07-31 15:20 - 000000306 _____ C:\Users\gaele.000\Downloads\Untitled attachment 00005(1).htm
2023-07-31 15:16 - 2023-07-31 15:16 - 011866734 _____ C:\Users\gaele.000\Downloads\Chinese Ikea.mp4
2023-07-31 15:16 - 2023-07-31 15:16 - 011866734 _____ C:\Users\gaele.000\Downloads\Chinese Ikea(1).mp4
2023-07-31 14:47 - 2023-07-31 14:47 - 000003568 _____ C:\Users\gaele.000\Documents\cc_20230731_144734.re g
2023-07-18 17:17 - 2023-07-18 17:17 - 000000000 ___HD C:\$WinREAgent
2023-07-15 11:31 - 2023-07-15 11:31 - 001352702 _____ C:\Users\gaele.000\Documents\How To Make A Snuffle Mat - 3 Ways To Make A DIY Snuffle Mat ⋆ Hello Sewing.pdf
2023-07-15 10:29 - 2023-08-08 13:14 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-07-15 10:29 - 2023-08-08 08:29 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-07-15 10:29 - 2023-08-08 08:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-07-15 10:29 - 2023-07-15 10:29 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-07-15 10:29 - 2023-07-15 10:29 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk
2023-07-15 10:29 - 2023-07-15 10:29 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-07-15 10:29 - 2023-07-15 10:29 - 000000000 ____D C:\Users\gaele.000\Desktop\Old Firefox Data
2023-07-13 09:35 - 2023-07-13 09:35 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Input Method
2023-07-12 17:04 - 2023-07-21 10:59 - 000004752 _____ C:\Users\gaele.000\Documents\2022 and up thru 7-12-23claims .csv
2023-07-12 16:59 - 2023-07-12 16:59 - 000009543 _____ C:\Users\gaele.000\Downloads\claims (6).csv
2023-07-12 13:57 - 2023-08-08 13:07 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-11 12:16 - 2023-07-11 12:16 - 000002870 _____ C:\Users\gaele.000\Downloads\claims (5).csv
2023-07-09 14:46 - 2023-07-09 14:46 - 001390720 _____ C:\Users\gaele.000\Downloads\Winston watching tv with me(1).heic
2023-07-09 14:31 - 2023-07-09 14:31 - 001295802 _____ C:\Users\gaele.000\Downloads\Brenda and Gary (1).mp4
2023-07-09 08:43 - 2023-07-09 08:43 - 000000000 ____D C:\Users\gaele.000\Downloads\takeout-20230620T055001Z-001

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-08 13:07 - 2023-06-18 13:53 - 000000000 ____D C:\Program Files\CCleaner
2023-08-08 13:07 - 2022-01-18 12:59 - 000000000 ____D C:\Windows\SystemTemp
2023-08-08 11:20 - 2023-06-18 11:18 - 000004214 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1687101525
2023-08-08 11:20 - 2023-06-13 09:05 - 000001423 _____ C:\Users\gaele.000\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Opera Browser.lnk
2023-08-08 10:49 - 2023-06-18 11:30 - 000007909 _____ C:\Windows\BRRBCOM.INI
2023-08-08 10:45 - 2023-06-18 02:12 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-08 10:45 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-08-08 10:44 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-08 10:20 - 2023-06-18 11:36 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronizatio n-{0416AA07-CBB7-4DFF-9D12-5ABBBA2D12A0}
2023-08-08 03:24 - 2023-06-18 02:12 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-08 03:24 - 2023-06-18 02:12 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-08 03:24 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-08 03:24 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-07 15:15 - 2023-06-18 11:09 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Malwarebytes
2023-08-07 14:15 - 2023-06-18 04:46 - 000000000 ___RD C:\Users\gaele.000\OneDrive
2023-08-07 11:37 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2023-08-06 16:19 - 2023-06-18 06:07 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Word
2023-08-04 15:18 - 2023-06-18 02:22 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-04 15:14 - 2023-06-18 02:12 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-04 15:14 - 2023-06-18 02:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-04 15:14 - 2023-06-18 02:12 - 000000000 ____D C:\Intel
2023-08-04 15:14 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2023-08-04 15:13 - 2019-12-07 05:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-08-03 14:06 - 2023-06-18 06:04 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Excel
2023-08-02 15:45 - 2023-06-18 04:47 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3036132105-1439115854-3050649200-1000
2023-08-02 15:45 - 2023-06-18 04:46 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3036132105-1439115854-3050649200-1000
2023-08-02 15:45 - 2023-06-18 02:16 - 000002397 _____ C:\Users\gaele.000\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\OneDrive.lnk
2023-08-02 14:51 - 2023-06-18 02:16 - 000000000 ____D C:\Users\gaele.000
2023-08-02 14:47 - 2023-06-18 04:52 - 000000000 ____D C:\Users\gaele.000\AppData\Local\D3DSCache
2023-08-01 15:33 - 2023-06-26 06:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-07-31 16:51 - 2023-06-18 11:31 - 000000000 ____D C:\Users\gaele.000\AppData\Local\CrashDumps
2023-07-31 16:44 - 2020-04-14 14:19 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Offic e
2023-07-31 14:55 - 2023-06-18 00:03 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Packages
2023-07-31 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\registration
2023-07-31 13:19 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\NDF
2023-07-27 18:17 - 2023-06-18 02:05 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2023-07-24 18:07 - 2023-06-18 02:12 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-07-21 10:59 - 2023-06-16 16:08 - 000001269 _____ C:\Users\gaele.000\Documents\presciption claims 2023.csv
2023-07-21 10:59 - 2023-01-18 16:39 - 000003068 _____ C:\Users\gaele.000\Downloads\2022 Prescriptionsummary .CSV
2023-07-19 17:56 - 2023-06-18 13:53 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-07-19 14:23 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2023-07-19 10:32 - 2023-06-18 13:53 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-07-19 10:32 - 2023-06-18 13:53 - 000003476 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-07-18 18:14 - 2023-06-18 02:12 - 000436232 _____ C:\Windows\system32\FNTCACHE.DAT
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2023-07-18 17:20 - 2023-06-18 02:14 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-07-16 10:24 - 2023-06-18 04:48 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Comms
2023-07-16 09:18 - 2022-11-23 11:43 - 000010601 _____ C:\Users\gaele.000\Documents\Fidelity.xlsx
2023-07-15 10:29 - 2023-06-18 02:23 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Mozilla
2023-07-13 09:00 - 2022-01-20 03:25 - 000000000 ____D C:\ProgramData\Dell
2023-07-12 13:57 - 2023-06-18 02:16 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Google
2023-07-12 13:12 - 2023-06-24 12:47 - 000000000 ____D C:\Users\gaele.000\Downloads\2023
2023-07-12 01:56 - 2023-06-18 02:09 - 000000000 ____D C:\Windows\system32\MRT
2023-07-12 01:34 - 2023-06-18 02:09 - 173351160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-07-11 20:18 - 2023-06-18 02:12 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskM achineUA
2023-07-11 20:18 - 2023-06-18 02:12 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskM achineCore

==================== Files in the root of some directories ========

2023-06-26 06:19 - 2023-06-26 06:19 - 000000373 _____ () C:\Users\gaele.000\AppData\Roaming\SaraBat.bat
2023-06-26 06:19 - 2023-06-26 06:19 - 000196984 _____ (Microsoft Corporation) C:\Users\gaele.000\AppData\Roaming\SetupProd_Act.e xe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Reply With Quote
  #10  
Old August 8th, 2023, 06:43 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2023
Ran by gaele (08-08-2023 13:40:24)
Running from C:\Users\gaele.000\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2023-06-18 04:01:21)
Boot Mode: Normal
================================================== ========


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3036132105-1439115854-3050649200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3036132105-1439115854-3050649200-503 - Limited - Disabled)
gaele (S-1-5-21-3036132105-1439115854-3050649200-1000 - Administrator - Enabled) => C:\Users\gaele.000
Guest (S-1-5-21-3036132105-1439115854-3050649200-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3036132105-1439115854-3050649200-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform)
cnn (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\90da1836a8ef40533bf48bf9527efc67) (Version: 1.0 - Google\Chrome)
Dell Digital Delivery (HKLM-x32\...\{7B2D0B6F-F02D-4363-ACDF-00DE6247ACBC}) (Version: 3.5.2015.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{0ACC4393-7CDB-4512-800B-0404A9DF75E6}) (Version: 5.5.6.18729 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3238f3fe-4c2d-4438-8bfd-e6bb87adb36e}) (Version: 5.5.6.18729 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{74DF895B-001F-456C-BEA4-9254A3FCC5E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google News (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\a0f47c7035a67f4ca3363535fdf90fb6) (Version: 1.0 - Google\Chrome)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Icls (HKLM\...\{8761CF94-4FD5-47A0-9F7F-5F9B23371AB4}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2218.2.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{72F03A9B-21C6-4599-95FC-FFB4D9B7F50C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{B9C358AF-2012-4BD3-A476-CAFB5761B5BC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{96EC8F94-3894-4F08-8FEF-227E9F790FFC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.200 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.16626.20134 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\OneDriveSetup.exe) (Version: 23.147.0716.0001 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\d962ca0c921f22d9) (Version: 17.1.268.13 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 116.0.2 (x64 en-US)) (Version: 116.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (HKLM-x32\...\{99432E4C-1189-4887-9D75-DAA796015FFD}) (Version: 5.1.31.16 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.22270 - Microsoft Corporation) Hidden
Opera Stable 101.0.4843.33 (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Opera 101.0.4843.33) (Version: 101.0.4843.33 - Opera Software)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9400.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
SupportAssist Recovery Assistant (HKLM\...\{0A51D0FA-351E-48E2-98E3-EE1B2B7F5409}) (Version: 5.5.6.18729 - Dell Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wondershare PDFelement ( Version 9.5.10 ) (HKLM\...\{BC2AC233-DEF1-4D05-B6B8-6B46AA69E885}_is1) (Version: 9.5.10 - Wondershare)
Wondershare TunesGo ( Version 9.6.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\ZoomUMX) (Version: 5.15.2 (18096) - Zoom Video Communications, Inc.)

Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1. 61781.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_ 3.14.4.0_x64__htrsf667h5kn2 [2023-07-31] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86_ _htrsf667h5kn2 [2023-07-31] (Dell Inc)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_6.19.1.0 _x64__kgqvnymyfvs32 [2023-07-31] (king.com)
Find Duplicate Files -> C:\Program Files\WindowsApps\28686TrentTaylor.FindDuplicateFi les_0.0.0.0_x64__jcszgpz62jaz4 [2023-07-31] (Trent Taylor) [MS Ad]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1. 100.5131.0_x64__8j3eq9eme6ctt [2023-07-31] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorag eManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-31] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x86__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.53 1.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1. 0.50901.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.2 3.19.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.54.0_x64__ sbe4t8mqwq93a [2023-07-31] (NG PDF Lab) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_ 1.0.0.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireColl ection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Studios) [MS Ad]
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell20 19_2.0.54.0_x64__fh4rh281wavaa [2023-07-31] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\ias torpinningcomponent.inf_amd64_357b728ba88fb99a\Opt aneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers1: [PDFelement.ContextMenu] -> {ea6c980d-7823-3752-88ac-d43b3a873d20} => C:\Program Files\Common Files\Wondershare\PDFelement9\Shell Extensions\PEShellContextMenu4.exe [2023-06-09] (Wondershare Technology Group Co.,Ltd -> Wondershare)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-18] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\ias torpinningcomponent.inf_amd64_357b728ba88fb99a\Opt aneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-18] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\gaele.000\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\you tube music - Search.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=camhhmceiekkpjglehlcmcmaeabmidjn --app-url=hxxps://www.bing.com/search?q=you+tube+music&form=ANSPH1&refig=21b77070 ae5945899c53559d32ef0583&pc=U531 --app-launch-source=4

==================== Loaded Modules (Whitelisted) =============

2013-02-23 04:12 - 2013-02-23 04:12 - 000126976 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\CynergySystems.Commons.dll
2013-02-04 15:02 - 2013-02-04 15:02 - 000020992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\LinFu.DynamicProxy.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000031744 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Retlang.dll
2013-02-04 15:02 - 2013-02-04 15:02 - 000245760 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\StructureMap.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 001784832 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.Input.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 002735104 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.Navigatio n.dll
2023-06-18 11:34 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2023-06-18 11:34 - 2005-04-22 00:36 - 000143360 ____R () [File not signed] C:\Windows\system32\BrSNMP64.dll
2023-06-18 09:35 - 2013-02-04 13:00 - 000054784 _____ () [File not signed] C:\Windows\System32\sdtnpm.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000032768 _____ (broloco) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.LambdaExtensions.dll
2023-06-18 11:34 - 2012-07-13 13:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2023-06-18 11:34 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2023-06-18 11:34 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2023-06-18 11:34 - 2012-11-29 19:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2023-06-18 11:30 - 2013-01-30 15:17 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2023-06-18 11:30 - 2012-12-21 12:31 - 000078848 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2023-06-18 11:30 - 2012-12-21 12:31 - 017666560 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2023-06-18 11:30 - 2013-01-18 14:31 - 000074240 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2023-06-18 11:34 - 2012-10-19 08:02 - 000087040 ____R (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000237568 _____ (Eric Woodruff) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\EWSoftware.PDI.Data.dll
2023-06-26 06:19 - 2023-06-26 06:19 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2023-06-26 06:19 - 2023-06-26 06:19 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000148480 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Microsoft.Windows.Shell.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000050688 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\ShaderEffectLibrary.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000215040 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.OpenXmlRendering .dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000036864 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.XpsRendering.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000057344 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\TreeListView.dll
2013-02-04 15:02 - 2013-02-04 15:02 - 001761280 _____ (Neat) [File not signed] C:\Program Files (x86)\Neat\exec\sdk3\Neat.V3.Common.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000349184 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Newtonsoft.Json.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000032768 _____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Iesi.Collections.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000007168 _____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.ByteCode.LinFu.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 002117632 _____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 003219968 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000237056 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.ReportViewer.Wpf.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 002955264 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000270336 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\log4net.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000319488 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Lucene.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000012944 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Classification.AutoDo cument.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000036496 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Configuration.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000267920 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.DocumentEngines.Recei pt.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000046224 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Imaging.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000084112 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.nCapture.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000019600 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.OCR.Net.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000038032 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.AutoDocument.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000201872 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.AutoDocument.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000628368 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Common.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000014480 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Configuration.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000461968 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.DocumentAnalysis.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000061584 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Imaging.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000720016 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Imaging.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000163984 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.nCapture.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000351888 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.nCapture.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000020112 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.OCR.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000097936 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.OCR.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000025744 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Receipt.C.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000498320 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Receipt.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 000090112 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.Common.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 006723072 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000029696 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Interop.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 000038400 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Logging.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 000122368 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Models.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000011776 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.PdfExtraction.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 001277952 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatReceipts.Components.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 002075648 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatWorks.CE.Database.dll
2013-02-23 04:11 - 2013-02-23 04:11 - 000042496 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatWorks.Components.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000032768 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\ImageFileInputAd apter\NeatCompany.QuickScan.Inputs.ImageFileInputA dapter.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000122368 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\nCaptureInputAda pter\NeatCompany.QuickScan.Inputs.nCaptureInputAda pter.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000033792 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\PdfFileInputAdap ter\NeatCompany.QuickScan.Inputs.PdfFileInputAdapt er.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000018944 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\PrinterInputAdap ter\NeatCompany.NeatWorks.PrinterInputAdapter.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000139776 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\NeatCompany.QuickScan.Core.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000034304 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\NeatCompany.QuickScan.Interfac es.dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000033792 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\ImageFileOutput Adapter\NeatCompany.QuickScan.Outputs.ImageFileOut putAdapter.dll
2013-02-23 04:12 - 2013-02-23 04:12 - 000074240 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\NeatOutputAdapt er\NeatCompany.QuickScan.Outputs.NeatOutputAdapter .dll
2012-07-11 20:15 - 2012-07-11 20:15 - 000034816 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\PdfFileOutputAd apter\NeatCompany.QuickScan.Outputs.PdfFileOutputA dapter.dll
2013-02-04 15:02 - 2013-02-04 15:02 - 000022528 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\sdk3\Neat.SDK.V3.Configuration.Net .dll
2013-02-04 15:02 - 2013-02-04 15:02 - 000038400 _____ (The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\sdk3\Neat.V3.Configuration.C.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000102400 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Compression.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000122880 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.FileSystem.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000167936 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Wpf.Controls.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 003133440 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Wpf.DataGrid.dll
2013-02-04 15:01 - 2013-02-04 15:01 - 000196608 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\gaele.000\Downloads\iTunes64Setup.exe:MBA M.Zone.Identifier [231]
AlternateDataStreams: C:\Users\gaele.000\Downloads\tunesgo_setup_full271 0.exe:MBAM.Zone.Identifier [100]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele.000\AppData\Local\Microsoft\Windows \Themes\RoamedThemeFiles\DesktopBackground\venice 6.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Host => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\StartupApproved\StartupFolder: => "OneLaunch.lnk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2AF92735-E52F-4235-9913-E08836D3FF56}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{55FDDF1A-F12D-4878-82DE-4AB319A7F034}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A454FC25-CE19-4694-897B-1801072D6BA9}] => (Allow) D:\AUTORUN.EXE => No File
FirewallRules: [{4389B8DD-720B-4E23-811B-798229D12A58}] => (Allow) D:\AUTORUN.EXE => No File
FirewallRules: [{D886C8C5-B744-407D-87CC-584E96F5B010}] => (Allow) D:\AUTORUN.EXE => No File
FirewallRules: [{1E3D2CB2-01F2-490F-A1B5-6CB666AABE1C}] => (Allow) D:\AUTORUN.EXE => No File
FirewallRules: [{8809C457-E45C-4D6A-B383-BF8D38400247}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{FDBA6ECB-F610-48B1-9BFA-90BACB968066}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{8438EDCD-56B8-4F9A-8EAE-0E2BA1375187}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{E5A5ED5A-2740-4BF3-B955-A8C739BB9659}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{AAD2956C-1729-472F-9448-00ED8E39941C}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{EA6B6508-1D7C-46B0-B095-42448D084FE7}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{25280E73-70BA-47BC-BA79-782371C3803F}] => (Allow) C:\Users\gaele.000\AppData\Roaming\Zoom\bin\Zoom.e xe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{13D17F2B-328C-4B26-990A-83F04653823D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C82BEFDC-D688-4604-8AD1-5573C355D81E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{91D0B12C-65CC-4E0B-8524-831A722CE131}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A96DA85B-0FC1-40FE-8702-72D3661DDA8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6D2299D1-A56B-479D-91DE-05629309F22D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2F34186-5AFB-4C2A-87A1-DBAAD106C052}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B20CD597-E92A-42E9-B7F1-EB8C6A4209A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{11222815-A0C1-4ECF-81D8-C5DBF3D792BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8CA33CEE-E480-4A86-AD6B-1072592E4957}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C7B883F6-37E3-405A-97E2-47994D3D359E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FD149D9B-6E79-40C7-9243-AF384C86253F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EC98D8E-C2B9-4A9B-88BA-EB9D0A061564}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{81F6D74F-DF02-466B-BCFB-00A2FFCF445E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7AEE4769-6126-433C-BC2D-67C1E9C4DEE9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901 .188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

19-07-2023 22:03:59 July 19 2023 after resetting a few week s ago.
27-07-2023 04:11:02 Scheduled Checkpoint
31-07-2023 13:54:59 Restore Operation
08-08-2023 03:14:29 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-KJSDKU5.local already in use; will try DESKTOP-KJSDKU5-2.local instead

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-KJSDKU5.local. Addr 192.168.0.15

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA FE80:0000:0000:0000:5976:FB70:E481:2085

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:84B4:5076:A62C:8714

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67

Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:2CB7:A727BFB:58B3


System errors:
=============
Error: (08/03/2023 08:07:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (08/02/2023 04:08:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {348f0158-26b9-484f-86ee-822da5ef551e}, had event 74

Error: (07/31/2023 02:42:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (07/31/2023 12:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/29/2023 12:27:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/27/2023 01:33:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/25/2023 04:04:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/23/2023 06:07:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.


Windows Defender:
================
Date: 2023-08-07 19:14:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-06 18:38:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-05 19:14:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-03 19:04:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-07-30 19:56:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-07-31 14:07:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0

Date: 2023-06-25 15:32:22
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.1857.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2023-06-25 15:32:22
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.391.2598.0
Previous security intelligence Version: 1.391.1857.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23050.3
Previous Engine Version: 1.1.23050.3
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2023-06-25 15:32:22
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.391.2598.0
Previous security intelligence Version: 1.391.1857.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.23050.3
Previous Engine Version: 1.1.23050.3
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2023-08-08 13:30:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2023-08-08 13:22:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.20.0 03/08/2023
Motherboard: Dell Inc. 0FK9H3
Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
Percentage of memory in use: 62%
Total physical RAM: 16215.92 MB
Available physical RAM: 6127.26 MB
Total Virtual: 18647.92 MB
Available Virtual: 5389.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.1 GB) (Free:265.52 GB) (Model: KBG40ZNS512G NVMe KIOXIA 512GB) (Protected) NTFS

\\?\Volume{c7235e5c-943b-4583-8a2a-bf8050d16ac4}\ (WINRETOOLS) (Fixed) (Total:1.2 GB) (Free:0.2 GB) NTFS
\\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:5.98 GB) NTFS
\\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.51 GB) NTFS
\\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

================================================== ========
Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D)

Partition: GPT.

==================== End of Addition.txt =======================
Reply With Quote
  #11  
Old August 10th, 2023, 03:11 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Sorry for the delay. Med problems.













i
Reply With Quote
  #12  
Old August 10th, 2023, 08:04 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
Smile Med problems

I'm sorry you're not feeling well. I understand. Hope you get better soon.
Reply With Quote
  #13  
Old August 12th, 2023, 07:17 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
I'll need you to reboot, then run a new scan and post the logs please.
Reply With Quote
  #14  
Old August 14th, 2023, 01:57 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2023
Ran by gaele (administrator) on DESKTOP-KJSDKU5 (Dell Inc. Inspiron 5490 AIO) (14-08-2023 08:30:01)
Running from C:\Users\gaele.000\Desktop\FRST64(1).exe
Loaded Profiles: gaele
Platform: Microsoft Windows 10 Home Version 22H2 19045.3324 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHu b.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHu b.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury. API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Anal ytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.Da taManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Di agnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHu b.Instrumentation.SubAgent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208 949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui _dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) (614A9D21-6F29-4C9D-9F7D-FF59321D9E5F -> ) C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.54.0_x64__ sbe4t8mqwq93a\FileWatcher\FileWatcher.exe
(explorer.exe ->) (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <23>
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_cc5d5bc621122d7c\WavesSvc64.exe
(explorer.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\Wondershare PDFelement for Windows (CPC)\PENotify.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <28>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRe medationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe
(services.exe ->) (Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui _dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ias torac.inf_amd64_d6e4236a0f82e7b4\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igc c_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinSe rvice.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iig d_dch.inf_amd64_1840c0e85c622882\IntelCpHDCPSvc.ex e
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iig d_dch.inf_amd64_1840c0e85c622882\IntelCpHeciSvc.ex e
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mew miprov.inf_amd64_d4564390a9b1e980\WMIRegistrationS ervice.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\int coed.inf_amd64_5a9d4e2af428d38d\AS\IAS\IntelAudioS ervice.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal .inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms .inf_amd64_dd349ca1e8d98184\LMS.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\rea ltekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUServ ice64.exe <3>
(services.exe ->) (The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(services.exe ->) (Two Pilots) [File not signed] C:\Windows\VPDAgent_x64.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_cc5d5bc621122d7c\WavesSysSvc64. exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_16005.14326.21534.0_x64__8wekyb3d8bbwe\HxOutlo ok.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_16005.14326.21534.0_x64__8wekyb3d8bbwe\HxTsr.e xe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.82 3.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.82 3.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_ x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.ex e
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\rea ltekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUServ ice64.exe [1594232 2022-08-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_cc5d5bc621122d7c\WavesSvc64.exe [4653240 2022-07-22] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Run: [Opera Stable] => C:\Users\gaele.000\AppData\Local\Programs\Opera\la uncher.exe [2730912 2023-08-02] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41572768 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\MountPoints2: {2524ba2f-12b0-11ee-8cbe-84c5a6b2f281} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\MountPoints2: {2684a1d4-0da4-11ee-8cba-a4bb6d40d396} - "D:\setup.EXE" /AUTORUN
HKLM\...\Print\Monitors\sdtnm: C:\Windows\system32\sdtnpm.dll [54784 2013-02-04] () [File not signed]
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\PEPrinterMonitor.dll [292592 2023-05-26] (Wondershare Technology Group Co.,Ltd -> Wondershare Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [Neat ADF Scanner 2008] -> reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [Send To Neat] -> reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEScreenshot.lnk [2023-06-27]
ShortcutTarget: Wondershare PEScreenshot.lnk -> C:\Program Files\Wondershare\Wondershare PDFelement for Windows (CPC)\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEToolbox.lnk [2023-06-27]
ShortcutTarget: Wondershare PEToolbox.lnk -> C:\Program Files\Wondershare\Wondershare PDFelement for Windows (CPC)\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {BC2372A3-3323-46EE-A40B-42054E0B4C29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {BBD9AFDF-3DCC-4A16-9BA1-5E6C30BEC8F0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {12EDFE47-8E4D-4696-B852-BE349A0761F6} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "02ba5822-d03d-4142-a4cd-d5d8114a1b63" --version "6.14.10584" --silent
Task: {E52D2610-BDF7-48A5-977E-B84E074CC80E} - System32\Tasks\CCleanerSkipUAC - gaele => C:\Program Files\CCleaner\CCleaner.exe [34677664 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {959F8DA3-630B-4467-B812-EE6A02C5D2BA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => c:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\ SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.)
Task: {72476E7D-B3E5-43E0-A7A9-034514B95F06} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {200D4811-93C7-4793-B76D-0BBADE138476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {10E03BBA-5B01-442E-90EC-0A19F5780AE3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124312 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {351F1896-5E1E-4BCE-8F5C-9F96EDF507C8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124312 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {9DD3A2EC-9A50-4A27-884C-251DA38EB9DE} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {9DD3A2EC-9A50-4A27-884C-251DA38EB9DE} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -foScheduledTelemetryRun
Task: {9DD3A2EC-9A50-4A27-884C-251DA38EB9DE} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {0219847F-5C6F-4DFF-94CD-753D6F09BEE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE418E94-F7BF-4201-BEFB-FF51E92CB5BE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B151025-97E3-4660-8DD9-CDF7BC5EB8C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F107FCF7-30EF-468F-B1A3-46C59815C3D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {738017E9-EC66-4F47-A7F3-9C496A8C5ACA} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-08] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump :5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundup date.moz_log --backgroundtask backgroundupdate
Task: {35954901-EE89-4316-BFA3-AC2037A3B067} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {0165BDAC-8546-4B68-8EB1-3ED199EDACA3} - System32\Tasks\Opera scheduled Autoupdate 1687101525 => C:\Users\gaele.000\AppData\Local\Programs\Opera\la uncher.exe [2730912 2023-08-02] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5d3dae05-7f58-4b59-a82b-1eff2018dd0f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b90108dc-e04b-433c-845e-39cb3cf7d5d9}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default [2023-08-14]
Edge HomePage: Default -> hxxps://www.ighome.com/
Edge StartupUrls: Default -> "hxxp://www.ighome.com/"
Edge NewTab: Default -> Not-active:"chrome-extension://fbnocjfjcbbminbfklpioinjjofkobom/newtab.html"
Edge DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
Edge DefaultSearchKeyword: Default -> Search With Incognito
Edge DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
Edge Extension: (Google Translate) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgj llcleb [2023-06-18]
Edge Extension: (Old Layout for Facebook) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\abmkkackbbimmdbfjdilpnfaeg aeagge [2023-06-18]
Edge Extension: (Search With Incognito) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\aegpbigghghmkomaolphakjjpp nebdhb [2023-06-18]
Edge Extension: (PDF to JPG ) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\ahhondajieaabnhicjkpnhdmdj jdinhe [2023-06-18]
Edge Extension: (GIPHY for Gmail) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\andgibkjiikabclfdkecpmdkfa npdapf [2023-06-18]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmm ooekmp [2023-07-18]
Edge Extension: (Pinterest Save Button) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\bkgoflemacdadndiohhdnphcmd hacabg [2023-06-18]
Edge Extension: (Gmail Screenshot by cloudHQ) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\boepdnhlmfleonjnaoaemgcggp poikog [2023-06-18]
Edge Extension: (Eno® from Capital One®) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\clmkdohmabikagpnhjmgacbcli hgmdje [2023-08-10]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeac pdfbkd [2023-07-26]
Edge Extension: (YT-Nonstop) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\ddobgngkifgapahlheghhckckk cgpikf [2023-06-18]
Edge Extension: (PDF to JPG Converter) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\dkmiiopgdgoencflajlbmplble oafdmd [2023-07-11]
Edge Extension: (New Tab for Google Workspace™) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\ehpgcagmhpndkmglombjndkdmg gkgnge [2023-06-18]
Edge Extension: (Keepa - Amazon Price Tracker) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\ejefaeioamebhekmfaclajddbp nnobje [2023-06-18]
Edge Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\elhekieabhbkpmcefcoobjddig jcaadp [2023-07-26]
Edge Extension: (Online Manuals App) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\fbnocjfjcbbminbfklpioinjjo fkobom [2023-06-18]
Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\fdpohaocaechififmbbbbbknoa lclacl [2023-07-15]
Edge Extension: (Google Docs Offline) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2023-07-19]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\gmmlpenookphoknnpfilofakgh emolmg [2023-07-26]
Edge Extension: (Mileage Calculator by wheretocredit.com) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\gomddcmabinakjildbgfoabbia kfkkfk [2023-06-18]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\ihcjicgdanjaechkgeegckofjj edodee [2023-08-01]
Edge Extension: (Organize Downloads by Date) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\ipjljbilkibpncgnagphiamkkd ilbbki [2023-06-18]
Edge Extension: (Routora - Google Maps Route Optimization) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\jdddfnfohdeaklgkpglonlofga pjgfbp [2023-06-18]
Edge Extension: (RetailMeNot Deal Finder™️) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\jjfblogammkiefalfpafidabbn amoknm [2023-06-18]
Edge Extension: (SwagButton) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\jkdkbjmbppokkkjhedmhpmdjbc kelnen [2023-07-22]
Edge Extension: (Edge relevant text changes) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkg hcpiha [2023-08-08]
Edge Extension: (Startpage - English) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\jogphcaagccljpbnoddeknjjng efidmm [2023-06-18]
Edge Extension: (ShopSavvy) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\kfgplddboijhggifoobffajcpk mhalaa [2023-06-18]
Edge Extension: (Capital One Shopping: Add to Edge for Free) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikf cefljn [2023-07-31]
Edge Extension: (Fuel Cost for Google Maps™) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\kjeednpebhfpkojegkfmdlgkok kafocd [2023-06-18]
Edge Extension: (Weather Forecast powered by AccuWeather) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\lcpfjmblaenhkgmejbafmemkge cheono [2023-06-18]
Edge Extension: (RocketReach Edge Extension - Find any Email) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\ldjlhlheoidifojmfkjfijmdhl agakni [2023-06-18]
Edge Extension: (Copy me that!) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\lkmcogbnaohagegccoghdcjmgd ibjfig [2023-06-18]
Edge Extension: (Social tools) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\llbdoljkknpjgfcnbnoiehjcga ncpjmd [2023-06-18]
Edge Extension: (RSS Subscription Extension (by Google)) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmm mcbfjd [2023-06-18]
Edge Extension: (Click to start / stop recording) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\Us er Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpi celgko [2023-08-04]
Reply With Quote
  #15  
Old August 14th, 2023, 02:01 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 78
Posts: 159
Part 2 of 1st Txt
FireFox:
========
FF DefaultProfile: lj4dlij7.default
FF ProfilePath: C:\Users\gaele.000\AppData\Roaming\Mozilla\Firefox \Profiles\lj4dlij7.default [2023-06-18]
FF ProfilePath: C:\Users\gaele.000\AppData\Roaming\Mozilla\Firefox \Profiles\0o7zajg2.default-release-1689431361204 [2023-08-14]
FF Notifications: Mozilla\Firefox\Profiles\0o7zajg2.default-release-1689431361204 -> hxxps://calendar.google.com
FF Extension: (LastPass: Free Password Manager) - C:\Users\gaele.000\AppData\Roaming\Mozilla\Firefox \Profiles\0o7zajg2.default-release-1689431361204\Extensions\support@lastpass.com.xpi [2023-07-26]
FF Extension: (Eno® from Capital One®) - C:\Users\gaele.000\AppData\Roaming\Mozilla\Firefox \Profiles\0o7zajg2.default-release-1689431361204\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2023-08-05]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default [2023-08-14]
CHR HomePage: Default -> hxxp://www.ighome.com/
CHR StartupUrls: Default -> "hxxp://www.ighome.com/"
CHR Extension: (Google Translate) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgj llcleb [2023-06-24]
CHR Extension: (Old Layout for Facebook) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\abmkkackbbimmdbfjdilpnfaeg aeagge [2023-06-24]
CHR Extension: (Search With Incognito) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\aegpbigghghmkomaolphakjjpp nebdhb [2023-06-24]
CHR Extension: (GIPHY for Gmail) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\andgibkjiikabclfdkecpmdkfa npdapf [2023-06-24]
CHR Extension: (PDF to JPG ) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\bemoeohlphdgcjkaihajafjokc dcaipd [2023-06-24]
CHR Extension: (Earth View from Google Earth) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\bhloflhklmhfpedakmangadcdo fhnnoh [2023-06-24]
CHR Extension: (DuckDuckGo) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggd iikppg [2023-07-14]
CHR Extension: (Gmail Screenshot by cloudHQ) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\boepdnhlmfleonjnaoaemgcggp poikog [2023-06-24]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\chhjbpecpncaggjpdakmflnfco pglcmi [2023-07-25]
CHR Extension: (Eno® from Capital One®) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\clmkdohmabikagpnhjmgacbcli hgmdje [2023-07-12]
CHR Extension: (Weather Forecast powered by AccuWeather) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\conoiojhfhpoboccndegeemkpg kcnkoe [2023-06-18]
CHR Extension: (PDF to JPG Converter) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\dkmiiopgdgoencflajlbmplble oafdmd [2023-07-12]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\efaidnbmnnnibpcajpcglclefi ndmkaj [2023-06-18]
CHR Extension: (New Tab for Google Workspace™) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\ehpgcagmhpndkmglombjndkdmg gkgnge [2023-06-24]
CHR Extension: (Online Manuals App) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\fbnocjfjcbbminbfklpioinjjo fkobom [2023-06-24]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\fdpohaocaechififmbbbbbknoa lclacl [2023-07-15]
CHR Extension: (Startpage - English) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\fgmjlmbojbkmdpofahffgcpkhk ngfpef [2023-06-24]
CHR Extension: (Total Adblock - Ad Blocker) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\gekdekpbfehejjiecgonmgmepb dnaggp [2023-07-21]
CHR Extension: (The Camelizer) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\ghnomdcacenbmilgjigehppbam fndblo [2023-06-18]
CHR Extension: (SwagButton) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjl fgdemm [2023-07-21]
CHR Extension: (Pinterest Save Button) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmk opogic [2023-06-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\hdokiejnpimakedhajhdlcegep lioahd [2023-07-19]
CHR Extension: (mysms - SMS from Computer) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnoko lhblgb [2023-06-24]
CHR Extension: (Kindle Cloud Reader) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjj eneebd [2023-06-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\ihcjicgdanjaechkgeegckofjj edodee [2023-07-19]
CHR Extension: (Organize Downloads by Date) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\ipjljbilkibpncgnagphiamkkd ilbbki [2023-06-24]
CHR Extension: (Routora - Google Maps Route Optimization) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\jdddfnfohdeaklgkpglonlofga pjgfbp [2023-06-24]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobk ghlhen [2023-07-25]
CHR Extension: (Fuel Cost for Google Maps™) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\kjeednpebhfpkojegkfmdlgkok kafocd [2023-06-24]
CHR Extension: (Copy me that!) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\lgjinjcobiflbbnhenlfkcjpee acklfl [2023-06-24]
CHR Extension: (Social tools) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\llbdoljkknpjgfcnbnoiehjcga ncpjmd [2023-06-24]
CHR Extension: (Classic Blue Theme) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\maejegjiekmgjakcgkdkjgjoif hihekp [2023-07-12]
CHR Extension: (ShopSavvy) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\megchchilhekbbnfcklodmndef bhkbco [2023-06-24]
CHR Extension: (ZIP Extractor) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\mmfcakoljjhncfphlflcedhgog fhpbcd [2023-06-24]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\neebplgakaahbhdphmkckjjceg oiijjo [2023-06-24]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\nenlahapcbofgnanklpelkaejc ehkggg [2023-07-22]
CHR Extension: (YouTube NonStop) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\nlkaejimjacpillmajjnopmpbk bnocid [2023-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2023-06-18]
CHR Extension: (Password Alert) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\noondiphcddnnabmjcihcjfbhf klnnep [2023-06-24]
CHR Extension: (Switch to Classic design on Facebook™) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\oancckmjgaoejmbedngcoiakbl hacbog [2023-06-18]
CHR Extension: (RocketReach Chrome Extension) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\oiecklaabeielolbliiddlbokp fnmhba [2023-06-24]
CHR Extension: (Privacy Test) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\pdabfienifkbhoihedcgeogidf mibmhp [2023-06-24]
CHR Extension: (Click to start / stop recording) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpi celgko [2023-07-25]
CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Guest Profile [2023-08-14]
CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\System Profile [2023-08-14]

Opera:
=======
OPR Profile: C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable [2023-08-14]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera &ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-09]
OPR Extension: (Opera Wallet) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-02]
OPR Extension: (Aria) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-07-31]
OPR Extension: (opera-intro) - C:\Users\gaele.000\AppData\Local\Programs\Opera\10 1.0.4843.33\resources\opera_intro_extension [2023-08-08]
StartMenuInternet: (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000) OperaStable - "C:\Users\gaele.000\AppData\Local\Programs\Opera\L auncher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRe medationService.exe [22224 2023-04-11] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-05-08] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\int coed.inf_amd64_5a9d4e2af428d38d\\AS\\IAS\\IntelAud ioService.exe [412160 ] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-01] (Malwarebytes Inc. -> Malwarebytes)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 SupportAssistAgent; c:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [48464 2023-04-11] (Dell Inc. -> Dell Inc.)
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sy s [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl2bc3e408; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA20B44C-2F92-4DDB-9D98-F83F9F9C326B}\MpKslDrv.sys [222464 2023-08-14] (Microsoft Windows -> Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2023-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55704 2023-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572656 2023-08-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-14 07:47 - 2023-08-14 07:47 - 002385408 _____ (Farbar) C:\Users\gaele.000\Desktop\FRST64(1).exe
2023-08-10 15:30 - 2023-08-10 15:42 - 000152964 _____ C:\Users\gaele.000\Downloads\lastpass_export.csv
2023-08-09 15:49 - 2023-08-09 15:49 - 017220199 _____ C:\Users\gaele.000\Downloads\Insanity at its finest.mp4
2023-08-09 13:16 - 2023-08-09 13:16 - 000009971 _____ C:\Users\gaele.000\Downloads\claims(1).csv
2023-08-08 20:56 - 2023-08-08 20:56 - 001295802 _____ C:\Users\gaele.000\Downloads\Brenda and Gary (1)(2).mp4
2023-08-08 20:56 - 2023-08-08 20:56 - 001295802 _____ C:\Users\gaele.000\Downloads\Brenda and Gary (1)(1).mp4
2023-08-08 20:26 - 2023-08-08 20:26 - 006393006 _____ C:\Users\gaele.000\Downloads\Les plaisirs de la technologie(1).mp4
2023-08-08 18:18 - 2023-08-08 18:18 - 000000000 ___HD C:\$WinREAgent
2023-08-08 13:18 - 2023-08-14 07:57 - 000035618 _____ C:\Users\gaele.000\Desktop\Addition.txt
2023-08-08 13:15 - 2023-08-08 13:15 - 002384896 _____ (Farbar) C:\Users\gaele.000\Downloads\FRST64.exe
2023-08-08 13:08 - 2023-08-08 13:08 - 000002084 _____ C:\Users\gaele.000\Documents\cc_20230808_130852.re g
2023-08-08 01:29 - 2023-08-10 15:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-07 11:34 - 2023-08-14 08:30 - 000041685 _____ C:\Users\gaele.000\Desktop\FRST.txt
2023-08-07 11:33 - 2023-08-14 08:30 - 000000000 ____D C:\FRST
2023-08-04 04:19 - 2023-08-04 04:19 - 000000000 ____D C:\Windows\Firmware
2023-08-02 14:51 - 2023-08-02 14:51 - 000000000 _____ C:\Users\gaele.000\FLUSHDNA
2023-07-31 18:41 - 2023-07-31 18:41 - 000000000 _____ C:\Users\gaele.000\flushdna'
2023-07-31 16:39 - 2023-07-31 16:39 - 000000000 ____D C:\Users\gaele.000\AppData\Local\ToastNotification ManagerCompat
2023-07-31 16:38 - 2023-07-31 16:38 - 003145080 ____N (OneLaunch ) C:\Users\gaele.000\Downloads\OneLaunch - Manuals_ln2to.exe
2023-07-31 16:33 - 2023-07-31 16:33 - 000393875 _____ C:\Users\gaele.000\Downloads\Oregon Scientific Clock RM308PA User Guide ManualsOnline.com.htm
2023-07-31 16:33 - 2023-07-31 16:33 - 000000000 ____D C:\Users\gaele.000\Downloads\Oregon Scientific Clock RM308PA User Guide ManualsOnline.com_files
2023-07-31 16:31 - 2023-07-31 16:31 - 001084872 _____ () C:\Users\gaele.000\Downloads\mypdfmanager.exe
2023-07-31 15:20 - 2023-07-31 15:20 - 000000306 _____ C:\Users\gaele.000\Downloads\Untitled attachment 00005.htm
2023-07-31 15:20 - 2023-07-31 15:20 - 000000306 _____ C:\Users\gaele.000\Downloads\Untitled attachment 00005(1).htm
2023-07-31 15:16 - 2023-07-31 15:16 - 011866734 _____ C:\Users\gaele.000\Downloads\Chinese Ikea.mp4
2023-07-31 15:16 - 2023-07-31 15:16 - 011866734 _____ C:\Users\gaele.000\Downloads\Chinese Ikea(1).mp4
2023-07-31 14:47 - 2023-07-31 14:47 - 000003568 _____ C:\Users\gaele.000\Documents\cc_20230731_144734.re g
2023-07-15 11:31 - 2023-07-15 11:31 - 001352702 _____ C:\Users\gaele.000\Documents\How To Make A Snuffle Mat - 3 Ways To Make A DIY Snuffle Mat ⋆ Hello Sewing.pdf
2023-07-15 10:29 - 2023-08-14 08:28 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-07-15 10:29 - 2023-08-10 15:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-07-15 10:29 - 2023-08-08 08:29 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-07-15 10:29 - 2023-07-15 10:29 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-07-15 10:29 - 2023-07-15 10:29 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk
2023-07-15 10:29 - 2023-07-15 10:29 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-07-15 10:29 - 2023-07-15 10:29 - 000000000 ____D C:\Users\gaele.000\Desktop\Old Firefox Data

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-14 08:18 - 2023-06-18 00:03 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Packages
2023-08-14 08:18 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-14 08:18 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-14 08:16 - 2023-06-18 13:53 - 000000000 ____D C:\Program Files\CCleaner
2023-08-14 08:16 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-14 08:07 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-08-14 08:03 - 2023-06-18 11:09 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Malwarebytes
2023-08-14 07:50 - 2023-06-18 02:22 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-14 07:50 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2023-08-14 07:46 - 2023-06-26 05:32 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Apps\2.0
2023-08-14 07:46 - 2023-06-18 04:46 - 000000000 ___RD C:\Users\gaele.000\OneDrive
2023-08-14 07:46 - 2023-06-18 02:12 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-14 07:46 - 2023-06-18 02:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-14 07:46 - 2023-06-18 02:12 - 000000000 ____D C:\Intel
2023-08-14 07:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2023-08-14 07:45 - 2019-12-07 05:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-08-14 07:14 - 2023-06-18 02:12 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-14 05:25 - 2023-06-18 11:36 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronizatio n-{0416AA07-CBB7-4DFF-9D12-5ABBBA2D12A0}
2023-08-13 23:12 - 2023-06-18 11:30 - 000007909 _____ C:\Windows\BRRBCOM.INI
2023-08-11 12:24 - 2023-06-18 02:12 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-11 12:24 - 2023-06-18 02:12 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-11 10:04 - 2023-06-24 12:47 - 000000000 ____D C:\Users\gaele.000\Downloads\2023
2023-08-10 16:20 - 2023-06-18 04:47 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3036132105-1439115854-3050649200-1000
2023-08-10 16:20 - 2023-06-18 04:46 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3036132105-1439115854-3050649200-1000
2023-08-10 16:20 - 2023-06-18 02:16 - 000002397 _____ C:\Users\gaele.000\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\OneDrive.lnk
2023-08-10 15:53 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-10 15:44 - 2023-06-18 02:12 - 000436232 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
2023-08-10 15:42 - 2023-06-18 06:04 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Excel
2023-08-10 15:35 - 2023-06-18 06:07 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Word
2023-08-10 08:22 - 2023-06-18 11:09 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2023-08-09 18:28 - 2023-06-18 02:12 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-09 03:14 - 2023-06-18 04:52 - 000000000 ____D C:\Users\gaele.000\AppData\Local\D3DSCache
2023-08-08 18:22 - 2023-06-18 02:14 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-08-08 18:17 - 2023-06-18 02:09 - 000000000 ____D C:\Windows\system32\MRT
2023-08-08 18:05 - 2023-06-18 02:09 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-08 13:07 - 2023-07-12 13:57 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-08 13:07 - 2022-01-18 12:59 - 000000000 ____D C:\Windows\SystemTemp
2023-08-08 11:20 - 2023-06-18 11:18 - 000004214 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1687101525
2023-08-08 11:20 - 2023-06-13 09:05 - 000001423 _____ C:\Users\gaele.000\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Opera Browser.lnk
2023-08-02 14:51 - 2023-06-18 02:16 - 000000000 ____D C:\Users\gaele.000
2023-08-01 15:33 - 2023-06-26 06:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-07-31 16:51 - 2023-06-18 11:31 - 000000000 ____D C:\Users\gaele.000\AppData\Local\CrashDumps
2023-07-31 16:44 - 2020-04-14 14:19 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Offic e
2023-07-31 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\registration
2023-07-31 13:19 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\NDF
2023-07-27 18:17 - 2023-06-18 02:05 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2023-07-21 10:59 - 2023-07-12 17:04 - 000004752 _____ C:\Users\gaele.000\Documents\2022 and up thru 7-12-23claims .csv
2023-07-21 10:59 - 2023-06-16 16:08 - 000001269 _____ C:\Users\gaele.000\Documents\presciption claims 2023.csv
2023-07-21 10:59 - 2023-01-18 16:39 - 000003068 _____ C:\Users\gaele.000\Downloads\2022 Prescriptionsummary .CSV
2023-07-19 17:56 - 2023-06-18 13:53 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-07-19 10:32 - 2023-06-18 13:53 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-07-19 10:32 - 2023-06-18 13:53 - 000003476 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2023-07-16 10:24 - 2023-06-18 04:48 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Comms
2023-07-16 09:18 - 2022-11-23 11:43 - 000010601 _____ C:\Users\gaele.000\Documents\Fidelity.xlsx
2023-07-15 10:29 - 2023-06-18 02:23 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Mozilla

==================== Files in the root of some directories ========

2023-06-26 06:19 - 2023-06-26 06:19 - 000000373 _____ () C:\Users\gaele.000\AppData\Roaming\SaraBat.bat
2023-06-26 06:19 - 2023-06-26 06:19 - 000196984 _____ (Microsoft Corporation) C:\Users\gaele.000\AppData\Roaming\SetupProd_Act.e xe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 12:09 AM.